[Résolu] Mon ordinateur est infecté

oGu · le 12 avril 2008

Sa avance!

???

Connais-tu le programme suivant:

C:\Program Files\HOTPC

?

VIRUSTOTAL

Va sur le site VirusTotal

Copie cette ligne:

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K5A3CH2R\unpr[1].exe
Colle cette ligne dans la fenêtre suivante, sur la page VirusTotal:[/color]
Clique sur le bouton "Envoyer le fichier" et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
Une nouvelle fenêtre de ton navigateur va apparaître
Clique alors sur cette image :
Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
Enfin colle le résultat dans ta prochaine réponse.

Note : Peu importe le résultat, il est important de me communiquer le résultat de toute l'analyse.

VIRUSTOTAL#2

Recommence la même opération avec, cette fois, cette ligne à analyser:

C:\WINDOWS\System32\dllcache\wintcps.exe

CREATION/EXECUTION D'UN CFSCRIPT

Lis bien la procédure avant de te lancer. Tu peux même l'imprimer, éventuellement.

Supprime le fichier CFScript que nous avons créé tout à l'heure
Ouvre un nouveau fichier du Bloc-notes
"Copie/Colle" tout le contenu de la boîte Code ci-dessous (mais n'inclus pas le mot "Code") dans le fichier texte du bloc-note :
```
File::
c:\documents and settings\les babies\local settings\application data\vdcmki.exe
```

Sauvegarde ce fichier sur ton Bureau en l'appelant IMPERATIVEMENT CFScript.txt

ATTENTION: ce script a été conçu spécifiquement pour le cas de Lezenete, ne pas l'utiliser pour votre propre machine!!
Désactive ton antivirus et ton antispyware
Te référant à l'image ci-dessous, déplace CFScript.txt sur ComboFix.exe
ComboFix sera lancé.
Une fenêtre bleue va apparaitre: patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
ComboFix peut exiger un redémarrage pour compléter son travail. Accepte.
Lorsque l'outil aura terminé, un rapport ComboFix.log apparaîtra à l'écran.
Soumet le fichier en cliquant "OK"
Enfin, poste les deux rapports suivants dans ta prochaine réponse :

- Combofix.txt (il est stocké ici: > C:\ComboFix.txt)
- Un nouveau rapport HijackThis

HIJACKTHIS

Relance HijackThis
Sélectionne "Do a scan only"
Coche la ligne suivante si elle apparaît:

O4 - HKCU\..\Run: [vdcmki] c:\documents and settings\les babies\local settings\application data\vdcmki.exe vdcmki
Ferme tes navigateurs
Clique en bas sur "Fix checked"
Redémarre
Tu peux à nouveau utiliser ton navigateur

SUPPRIMER UN SERVICE

Boonty Games est un nid à saleté!

Dans le menu Démarrer, clique sur "exécuter"
Saisis cmd et valide avec "ok"
Dans l'invite qui s'ouvre, copie et colle cette ligne

sc delete sc stop BOONTY

Valide avec OK
Copie-colle maintenant cette commande dans la fenêtre:

sc delete BOONTY

Valide avec OK
Redémarre

HIJACKTHIS#2

Recherche de Vundo

Va dans C:\Program Files\Trend Micro\HijackThis\
Clique-droit sur hijackthis.exe et choisis "renommer" (il se peut que le .exe n'apparaissent pas)
Appelle-le educ_nat_powa (si le .exe n'apparaissait pas, inutile de le rajouter)
Clique maintenant sur educ_nat_powa.exe et sélectionne "do a scan and save a logfile"
Poste ce nouveau rapport.

On va y arriver, t'inquiète pas, mais il y a beaucoup de boulot!

Modifié le 12 avril 2008 par oGu

dydeline · le 12 avril 2008

Non, je sais pas ce que c'est HOTPC... une merdouille je suppose...

Je ne m'inquiète pas, pas de problème, j'y crois très fort

oGu · le 12 avril 2008

Non, je sais pas ce que c'est HOTPC... une merdouille je suppose...

Ouais, il semblerait que cela soit un dialer porno.

On lui fera la peau lors de la phase antispyware.

Edit: j'ai très légérement modifié le CFScript: il ne FAUT PAS de saut de ligne entre File:: et c:\documents and settings\ blablabla...

Modifié le 12 avril 2008 par oGu

dydeline · le 12 avril 2008

Voici l'analyse de la 1ère ligne :

Fichier unpr_1_.exe reçu le 2008.04.12 19:30:46 (CET)

Antivirus Version Dernière mise à jour Résultat

AhnLab-V3 2008.4.12.0 2008.04.11 Win32/Virut.C

AntiVir 7.6.0.85 2008.04.11 W32/Virut.Gen

Authentium 4.93.8 2008.04.11 W32/Virut!Generic

Avast 4.8.1169.0 2008.04.12 Win32:Small-JMH

AVG 7.5.0.516 2008.04.12 Win32/Virut

BitDefender 7.2 2008.04.12 Win32.Virtob.3.Gen

CAT-QuickHeal 9.50 2008.04.12 W32.Virut.E

ClamAV 0.92.1 2008.04.12 W32.Virut.ca

DrWeb 4.44.0.09170 2008.04.12 Win32.Virut.5

eSafe 7.0.15.0 2008.04.09 -

eTrust-Vet 31.3.5692 2008.04.11 Win32/Virut.9276

Ewido 4.0 2008.04.12 -

F-Prot 4.4.2.54 2008.04.11 W32/Virut.9264

F-Secure 6.70.13260.0 2008.04.11 W32/Virut.D

FileAdvisor 1 2008.04.12 -

Fortinet 3.14.0.0 2008.04.12 W32/Virut.EPO

Ikarus T3.1.1.26 2008.04.12 Virus.Win32.Small.JMH

Kaspersky 7.0.0.125 2008.04.12 Virus.Win32.Virut.n

McAfee 5272 2008.04.11 W32/Virut.gen

Microsoft 1.3408 2008.04.12 Virus:Win32/Virut.AK

NOD32v2 3020 2008.04.11 Win32/Virut.E

Norman 5.80.02 2008.04.12 W32/Virut.D

Panda 9.0.0.4 2008.04.12 W32/Virutas.G

Prevx1 V2 2008.04.12 Heuristic: Suspicious Self Modifying File

Rising 20.39.52.00 2008.04.12 Win32.Virut.GEN

Sophos 4.28.0 2008.04.12 W32/Vetor-A

Sunbelt 3.0.1041.0 2008.04.12 -

Symantec 10 2008.04.12 W32.Virut.B

TheHacker 6.2.92.275 2008.04.12 -

VBA32 3.12.6.4 2008.04.06 Virus.Win32.Virut.3

VirusBuster 4.3.26:9 2008.04.12 Win32.Virut.Gen

Webwasher-Gateway 6.6.2 2008.04.11 Win32.Virut.Gen

Information additionnelle

File size: 50176 bytes

MD5...: 158d4a77c70b5cba66aa311552562676

SHA1..: 294f548024517253559a2bf5c8bbe6cb9bfb548c

SHA256: 7c814596967d0d75502756a9ec5cf60da5bd811c6b7986a633bdc8d65139c68f

SHA512: 597e1f7f8f5261352d3637236d5bd2358463bd2d0828c509de7c4173e3789c3c e61bd9b16c7db0626aabe25fc0dc5608a04a7f82d44108996f753d1bd4a0bab6

PEiD..: -

PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x401052 timedatestamp.....: 0x47fd2511 (Wed Apr 09 20:20:33 2008) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x226 0x400 3.10 5bdc4958f86a6430da6f9e7881f8b30b .rdata 0x2000 0x1e0 0x200 4.42 4f7318a37731d467644fb6579b481ca6 .data 0x3000 0x220 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e .rsrc 0x4000 0x10400 0xba00 7.43 72ce35d0bbe4b64c36360c820151b578 ( 1 imports ) > KERNEL32.dll: CloseHandle, CreateFileA, CreateProcessA, ExitProcess, FindResourceA, GetStartupInfoA, GetSystemDirectoryA, GetTempFileNameA, GetTempPathA, GetVersion, GetWindowsDirectoryA, LoadResource, LockResource, SetFilePointer, SizeofResource, WriteFile, lstrcatA ( 0 exports )

packers: UPX

Prevx info: http://info.prevx.com/aboutprogramtext.asp...90B9200066A4F64

Antivirus Version Dernière mise à jour Résultat

AhnLab-V3 2008.4.12.0 2008.04.11 Win32/Virut.C

AntiVir 7.6.0.85 2008.04.11 W32/Virut.Gen

Authentium 4.93.8 2008.04.11 W32/Virut!Generic

Avast 4.8.1169.0 2008.04.12 Win32:Small-JMH

AVG 7.5.0.516 2008.04.12 Win32/Virut

BitDefender 7.2 2008.04.12 Win32.Virtob.3.Gen

CAT-QuickHeal 9.50 2008.04.12 W32.Virut.E

ClamAV 0.92.1 2008.04.12 W32.Virut.ca

DrWeb 4.44.0.09170 2008.04.12 Win32.Virut.5

eSafe 7.0.15.0 2008.04.09 -

eTrust-Vet 31.3.5692 2008.04.11 Win32/Virut.9276

Ewido 4.0 2008.04.12 -

F-Prot 4.4.2.54 2008.04.11 W32/Virut.9264

F-Secure 6.70.13260.0 2008.04.11 W32/Virut.D

FileAdvisor 1 2008.04.12 -

Fortinet 3.14.0.0 2008.04.12 W32/Virut.EPO

Ikarus T3.1.1.26 2008.04.12 Virus.Win32.Small.JMH

Kaspersky 7.0.0.125 2008.04.12 Virus.Win32.Virut.n

McAfee 5272 2008.04.11 W32/Virut.gen

Microsoft 1.3408 2008.04.12 Virus:Win32/Virut.AK

NOD32v2 3020 2008.04.11 Win32/Virut.E

Norman 5.80.02 2008.04.12 W32/Virut.D

Panda 9.0.0.4 2008.04.12 W32/Virutas.G

Prevx1 V2 2008.04.12 Heuristic: Suspicious Self Modifying File

Rising 20.39.52.00 2008.04.12 Win32.Virut.GEN

Sophos 4.28.0 2008.04.12 W32/Vetor-A

Sunbelt 3.0.1041.0 2008.04.12 -

Symantec 10 2008.04.12 W32.Virut.B

TheHacker 6.2.92.275 2008.04.12 -

VBA32 3.12.6.4 2008.04.06 Virus.Win32.Virut.3

VirusBuster 4.3.26:9 2008.04.12 Win32.Virut.Gen

Webwasher-Gateway 6.6.2 2008.04.11 Win32.Virut.Gen

Information additionnelle

File size: 50176 bytes

MD5...: 158d4a77c70b5cba66aa311552562676

SHA1..: 294f548024517253559a2bf5c8bbe6cb9bfb548c

SHA256: 7c814596967d0d75502756a9ec5cf60da5bd811c6b7986a633bdc8d65139c68f

SHA512: 597e1f7f8f5261352d3637236d5bd2358463bd2d0828c509de7c4173e3789c3c e61bd9b16c7db0626aabe25fc0dc5608a04a7f82d44108996f753d1bd4a0bab6

PEiD..: -

PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x401052 timedatestamp.....: 0x47fd2511 (Wed Apr 09 20:20:33 2008) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x226 0x400 3.10 5bdc4958f86a6430da6f9e7881f8b30b .rdata 0x2000 0x1e0 0x200 4.42 4f7318a37731d467644fb6579b481ca6 .data 0x3000 0x220 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e .rsrc 0x4000 0x10400 0xba00 7.43 72ce35d0bbe4b64c36360c820151b578 ( 1 imports ) > KERNEL32.dll: CloseHandle, CreateFileA, CreateProcessA, ExitProcess, FindResourceA, GetStartupInfoA, GetSystemDirectoryA, GetTempFileNameA, GetTempPathA, GetVersion, GetWindowsDirectoryA, LoadResource, LockResource, SetFilePointer, SizeofResource, WriteFile, lstrcatA ( 0 exports )

packers: UPX

Prevx info: http://info.prevx.com/aboutprogramtext.asp...90B9200066A4F64

dydeline · le 12 avril 2008

Comme je peux pas coller dans la fenêtre de Virus Total, je faisais "parcourir" et je recherchais le fichier, sauf que là, je trouve pas wintcps.exe dans le fichier indiqué... Je le tape directement ou pas ?

oGu · le 12 avril 2008

Je le tape directement ou pas ?

Oui, même s'il est probable que ce fichier n'existe plus.

Pourquoi ne peux-tu pas coller? As-tu essayé de cliquer simultanément sur CRTL-V pour voir?

dydeline · le 12 avril 2008

ça marchait pas parce que je faisais clique droit et non ctrl v (je connais pas trop les raccourcis)

Voici ce que ça m'a affiché

0 bytes size received / Se ha recibido un archivo vacio

Je poursuis la procédure...

dydeline · le 12 avril 2008

euh... c'est encore moi ... le fichier CFScript de tout à l'heure, il existe plus sur mon bureau puisque je l'ai glissé dans combofix.exe... je le retrouve où pour le supprimer ? ou alors pas besoin de le supprimer ?

oGu · le 12 avril 2008

Si tu ne le retrouves pas, pas grave!

Crée le nouveau et poursuis !

dydeline · le 12 avril 2008

Et voici le rapport Combo suivi du premier rapport HJT

Par contre pour le scan only de HJT, tu me dis de fermer mes navigateurs avant de cliquer sur Fix Checked, puis de redémarrer et d'utiliser à nouveau mon navigateur, c'est-à-dire ? je ne comprends le truc avec le navigateur...

ComboFix 08-04-11.3 - Les Babies 2008-04-12 20:17:56.3 - NTFSx86

Endroit: C:\Documents and Settings\Les Babies\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Les Babies\Bureau\CFScript.txt

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::

File::c:\documents and settings\les babies\local settings\application data\vdcmki.exe

.

TimedOut: progfile.dat

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\mrofinu1001186.exe

C:\WINDOWS\mrofinu1001186.exe.tmp

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-12 to 2008-04-12 ))))))))))))))))))))))))))))))))))))

.

2008-04-12 14:41 . 2008-04-12 16:47 <REP> d-------- C:\Program Files\Navilog1

2008-04-12 13:10 . 2008-04-12 13:11 <REP> d-------- C:\WINDOWS\ERUNT

2008-04-11 20:31 . 2008-04-11 20:31 <REP> d-------- C:\Program Files\Trend Micro

2008-04-11 11:51 . 2008-04-11 20:25 <REP> d-------- C:\Hijackthis

2008-04-11 11:29 . 2008-04-11 11:29 <REP> d-------- C:\Program Files\Avira

2008-04-11 11:29 . 2008-04-11 11:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-04-10 15:43 . 2004-07-02 00:08 360,960 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll

2008-04-10 15:43 . 2004-07-02 00:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll

2008-04-10 15:43 . 2004-07-02 00:08 331,776 --a--c--- C:\WINDOWS\system32\dllcache\winhttp.dll

2008-04-10 15:43 . 2004-07-02 00:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll

2008-04-10 15:43 . 2004-07-02 00:08 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll

2008-04-10 13:55 . 2008-04-10 14:00 147,456 --a------ C:\WINDOWS\system32\hqghumea.dll

2008-03-13 19:52 . 2008-03-13 19:52 <REP> d-------- C:\Program Files\iKlax Media

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-11 14:59 --------- d-----w C:\Program Files\HOTPC

2008-04-10 06:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-04-10 06:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-03-31 15:44 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-03-10 08:48 --------- d-----w C:\Program Files\NBPROF

2008-03-05 14:10 67 ----a-w C:\popit.dat

2008-03-03 11:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2008-03-03 11:24 --------- d-----w C:\Program Files\Windows Live

2008-03-03 11:24 --------- d-----w C:\Program Files\MSN Messenger

.

------- Sigcheck -------

2003-05-29 11:49 1010176 40406985a32b55ecf89d91c320105b58 C:\WINDOWS\explorer.exe

2002-08-30 14:00 1017856 7d51fc25301dd78ab5dcb5fed701985c C:\WINDOWS\$NtUninstallKB820291$\explorer.exe

2003-05-29 11:49 1010176 1ae4750d8d6467d4e64262c1c195d90e C:\WINDOWS\Driver Cache\i386\explorer.exe

2004-08-20 01:09 1046016 6a83471b1e647b94e456674eecb0dd3e C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\explorer.exe

2003-05-29 11:49 1010176 f6bdafdfbb2a33d967cc86b0b49de880 C:\WINDOWS\system32\dllcache\explorer.exe

.

((((((((((((((((((((((((((((( snapshot_2008-04-12_17.27.01.41 )))))))))))))))))))))))))))))))))))))))))

.

- 2005-05-26 23:22:01 10,752 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2GDR\hh.exe

+ 2005-05-26 23:22:01 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2GDR\hh.exe

- 2005-05-26 23:26:50 10,752 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hh.exe

+ 2005-05-26 23:26:50 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hh.exe

- 2005-06-10 23:53:32 57,856 ----a-w C:\WINDOWS\$hf_mig$\KB896423\SP2GDR\spoolsv.exe

+ 2005-06-10 23:53:32 67,584 ----a-w C:\WINDOWS\$hf_mig$\KB896423\SP2GDR\spoolsv.exe

- 2005-06-11 00:17:13 57,856 ----a-w C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

+ 2005-06-11 00:17:13 67,584 ----a-w C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

- 2005-05-11 02:30:03 78,336 ----a-w C:\WINDOWS\$hf_mig$\KB896428\SP2GDR\telnet.exe

+ 2005-05-11 02:30:03 88,064 ----a-w C:\WINDOWS\$hf_mig$\KB896428\SP2GDR\telnet.exe

- 2005-05-11 02:33:19 78,336 ----a-w C:\WINDOWS\$hf_mig$\KB896428\SP2QFE\telnet.exe

+ 2005-05-11 02:33:19 88,064 ----a-w C:\WINDOWS\$hf_mig$\KB896428\SP2QFE\telnet.exe

- 2005-07-25 23:46:57 7,680 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\migregdb.exe

+ 2005-07-25 23:46:57 17,408 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\migregdb.exe

- 2002-08-30 12:00:00 64,512 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe

+ 2002-08-30 12:00:00 74,240 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe

- 2002-05-14 10:08:54 16,439 -c----w C:\WINDOWS\$NtUninstallKB810217$\admin.exe

+ 2002-05-14 10:08:54 28,727 -c----w C:\WINDOWS\$NtUninstallKB810217$\admin.exe

- 2002-05-14 10:08:54 16,439 -c----w C:\WINDOWS\$NtUninstallKB810217$\author.exe

+ 2002-05-14 10:08:54 28,727 -c----w C:\WINDOWS\$NtUninstallKB810217$\author.exe

- 2002-05-14 10:08:54 188,480 -c----w C:\WINDOWS\$NtUninstallKB810217$\cfgwiz.exe

+ 2002-05-14 10:08:54 200,768 -c----w C:\WINDOWS\$NtUninstallKB810217$\cfgwiz.exe

- 2002-05-14 10:08:54 24,632 -c----w C:\WINDOWS\$NtUninstallKB810217$\fpadmcgi.exe

+ 2002-05-14 10:08:54 36,920 -c----w C:\WINDOWS\$NtUninstallKB810217$\fpadmcgi.exe

- 2002-05-14 10:08:54 188,494 -c----w C:\WINDOWS\$NtUninstallKB810217$\fpcount.exe

+ 2002-05-14 10:08:54 200,782 -c----w C:\WINDOWS\$NtUninstallKB810217$\fpcount.exe

- 2002-05-14 10:08:54 20,538 -c----w C:\WINDOWS\$NtUninstallKB810217$\fpremadm.exe

+ 2002-05-14 10:08:54 32,826 -c----w C:\WINDOWS\$NtUninstallKB810217$\fpremadm.exe

- 1999-10-07 06:04:06 16,449 -c----w C:\WINDOWS\$NtUninstallKB810217$\fpsrvadm.exe

+ 1999-10-07 06:04:06 28,737 -c----w C:\WINDOWS\$NtUninstallKB810217$\fpsrvadm.exe

- 2002-05-14 10:08:54 16,437 -c----w C:\WINDOWS\$NtUninstallKB810217$\shtml.exe

+ 2002-05-14 10:08:54 28,725 -c----w C:\WINDOWS\$NtUninstallKB810217$\shtml.exe

- 2002-05-14 10:08:54 32,827 -c----w C:\WINDOWS\$NtUninstallKB810217$\tcptest.exe

+ 2002-05-14 10:08:54 45,115 -c----w C:\WINDOWS\$NtUninstallKB810217$\tcptest.exe

- 2002-08-30 12:00:00 62,976 -c--a-w C:\WINDOWS\$NtUninstallKB817778$\ipv6.exe

+ 2002-08-30 12:00:00 72,704 -c--a-w C:\WINDOWS\$NtUninstallKB817778$\ipv6.exe

- 2002-08-30 12:00:00 85,504 -c--a-w C:\WINDOWS\$NtUninstallKB817778$\netsh.exe

+ 2002-08-30 12:00:00 95,232 -c--a-w C:\WINDOWS\$NtUninstallKB817778$\netsh.exe

- 2002-08-30 12:00:00 33,280 -c--a-w C:\WINDOWS\$NtUninstallKB820291$\shmgrate.exe

+ 2002-08-30 12:00:00 43,008 -c--a-w C:\WINDOWS\$NtUninstallKB820291$\shmgrate.exe

- 2002-08-30 12:00:00 180,224 -c--a-w C:\WINDOWS\$NtUninstallKB821253$\dwwin.exe

+ 2002-08-30 12:00:00 192,512 -c--a-w C:\WINDOWS\$NtUninstallKB821253$\dwwin.exe

- 2003-07-25 09:37:28 101,888 -c--a-w C:\WINDOWS\$NtUninstallKB824105$\spuninst\spuninst.exe

+ 2003-07-25 09:37:28 111,616 -c--a-w C:\WINDOWS\$NtUninstallKB824105$\spuninst\spuninst.exe

- 2003-08-01 20:15:00 101,888 -c----w C:\WINDOWS\$NtUninstallKB825119$\spuninst\spuninst.exe

+ 2003-08-01 20:15:00 111,616 -c----w C:\WINDOWS\$NtUninstallKB825119$\spuninst\spuninst.exe

- 2002-08-30 12:00:00 8,192 -c----w C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe

+ 2002-08-30 12:00:00 17,920 -c----w C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe

- 2002-08-30 12:00:00 6,656 -c----w C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe

+ 2002-08-30 12:00:00 16,384 -c----w C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe

- 2002-08-30 12:00:00 742,400 -c----w C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe

+ 2002-08-30 12:00:00 752,128 -c----w C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe

- 2004-03-30 01:34:15 741,376 -c----w C:\WINDOWS\$NtUninstallKB840374$\helpctr.exe

+ 2004-03-30 01:34:15 751,104 -c----w C:\WINDOWS\$NtUninstallKB840374$\helpctr.exe

- 2002-08-30 12:00:00 396,800 -c----w C:\WINDOWS\$NtUninstallKB840987$\ntvdm.exe

+ 2002-08-30 12:00:00 406,528 -c----w C:\WINDOWS\$NtUninstallKB840987$\ntvdm.exe

- 2002-08-30 12:00:00 37,888 -c----w C:\WINDOWS\$NtUninstallKB841356$\grpconv.exe

+ 2002-08-30 12:00:00 47,616 -c----w C:\WINDOWS\$NtUninstallKB841356$\grpconv.exe

- 2002-08-30 12:00:00 109,056 -c----w C:\WINDOWS\$NtUninstallKB841533$\netdde.exe

+ 2002-08-30 12:00:00 118,784 -c----w C:\WINDOWS\$NtUninstallKB841533$\netdde.exe

- 2002-08-30 12:00:00 9,728 -c----w C:\WINDOWS\$NtUninstallKB841873$\mstinit.exe

+ 2002-08-30 12:00:00 19,456 -c----w C:\WINDOWS\$NtUninstallKB841873$\mstinit.exe

- 2002-08-30 12:00:00 204,288 -c----w C:\WINDOWS\$NtUninstallKB885836$\wordpad.exe

+ 2002-08-30 12:00:00 214,016 -c----w C:\WINDOWS\$NtUninstallKB885836$\wordpad.exe

- 2002-09-21 18:13:26 10,752 -c----w C:\WINDOWS\$NtUninstallKB896358$\hh.exe

+ 2002-09-21 18:13:26 20,480 -c----w C:\WINDOWS\$NtUninstallKB896358$\hh.exe

- 2002-08-30 12:00:00 51,200 -c----w C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe

+ 2002-08-30 12:00:00 60,928 -c----w C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe

- 2002-08-30 12:00:00 73,728 -c----w C:\WINDOWS\$NtUninstallKB896428$\telnet.exe

+ 2002-08-30 12:00:00 83,456 -c----w C:\WINDOWS\$NtUninstallKB896428$\telnet.exe

- 2004-02-17 18:50:10 6,656 -c----w C:\WINDOWS\$NtUninstallKB902400$\migregdb.exe

+ 2004-02-17 18:50:10 16,384 -c----w C:\WINDOWS\$NtUninstallKB902400$\migregdb.exe

- 2004-06-07 14:16:52 56,832 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\msimn.exe

+ 2004-06-07 14:16:52 66,560 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\msimn.exe

- 2004-06-07 14:16:56 56,320 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\oemig50.exe

+ 2004-06-07 14:16:56 66,048 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\oemig50.exe

- 2004-06-07 14:16:56 43,008 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\wab.exe

+ 2004-06-07 14:16:56 52,736 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\wab.exe

- 2003-03-03 14:57:18 27,648 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\wabmig.exe

+ 2003-03-03 14:57:18 37,376 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\wabmig.exe

- 2003-07-10 10:21:38 49,152 -c----w C:\WINDOWS\$NtUninstallKB914388$\ipv6.exe

+ 2003-07-10 10:21:38 58,880 -c----w C:\WINDOWS\$NtUninstallKB914388$\ipv6.exe

- 2003-07-10 10:21:48 86,016 -c----w C:\WINDOWS\$NtUninstallKB914388$\netsh.exe

+ 2003-07-10 10:21:48 95,744 -c----w C:\WINDOWS\$NtUninstallKB914388$\netsh.exe

- 2006-05-19 12:02:50 49,152 -c----w C:\WINDOWS\$NtUninstallKB922819$\ipv6.exe

+ 2006-05-19 12:02:50 58,880 -c----w C:\WINDOWS\$NtUninstallKB922819$\ipv6.exe

- 2006-05-19 12:01:26 86,016 -c----w C:\WINDOWS\$NtUninstallKB922819$\netsh.exe

+ 2006-05-19 12:01:26 95,744 -c----w C:\WINDOWS\$NtUninstallKB922819$\netsh.exe

- 2002-08-30 12:00:00 130,048 -c--a-w C:\WINDOWS\$NtUninstallQ322011$\fxsclnt.exe

+ 2002-08-30 12:00:00 139,776 -c--a-w C:\WINDOWS\$NtUninstallQ322011$\fxsclnt.exe

- 2002-08-30 12:00:00 185,344 -c--a-w C:\WINDOWS\$NtUninstallQ810565$\accwiz.exe

+ 2002-08-30 12:00:00 195,072 -c--a-w C:\WINDOWS\$NtUninstallQ810565$\accwiz.exe

- 2002-08-30 12:00:00 68,096 -c--a-w C:\WINDOWS\$NtUninstallQ810565$\magnify.exe

+ 2002-08-30 12:00:00 77,824 -c--a-w C:\WINDOWS\$NtUninstallQ810565$\magnify.exe

- 2002-08-30 12:00:00 237,056 -c--a-w C:\WINDOWS\$NtUninstallQ810565$\migwiz.exe

+ 2002-08-30 12:00:00 246,784 -c--a-w C:\WINDOWS\$NtUninstallQ810565$\migwiz.exe

- 2002-08-30 12:00:00 52,736 -c--a-w C:\WINDOWS\$NtUninstallQ810565$\narrator.exe

+ 2002-08-30 12:00:00 62,464 -c--a-w C:\WINDOWS\$NtUninstallQ810565$\narrator.exe

- 2002-08-30 12:00:00 213,504 -c--a-w C:\WINDOWS\$NtUninstallQ810565$\osk.exe

+ 2002-08-30 12:00:00 223,232 -c--a-w C:\WINDOWS\$NtUninstallQ810565$\osk.exe

- 2002-08-30 12:00:00 68,096 -c--a-w C:\WINDOWS\$NtUninstallQ810833$\locator.exe

+ 2002-08-30 12:00:00 77,824 -c--a-w C:\WINDOWS\$NtUninstallQ810833$\locator.exe

- 2002-08-30 12:00:00 329,728 ------w C:\WINDOWS\I386\NETSETUP.EXE

+ 2002-08-30 12:00:00 339,456 ------w C:\WINDOWS\I386\NETSETUP.EXE

- 2002-08-30 12:00:00 140,800 ------w C:\WINDOWS\I386\REGEDIT.EXE

+ 2002-08-30 12:00:00 150,528 ------w C:\WINDOWS\I386\REGEDIT.EXE

- 2002-08-30 12:00:00 73,728 ------w C:\WINDOWS\I386\TELNET.EXE

+ 2002-08-30 12:00:00 83,456 ------w C:\WINDOWS\I386\TELNET.EXE

- 2002-08-30 12:00:00 235,008 ----a-w C:\WINDOWS\msagent\agentsvr.exe

+ 2002-08-30 12:00:00 244,736 ----a-w C:\WINDOWS\msagent\agentsvr.exe

- 2002-08-30 12:00:00 703,488 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

+ 2002-08-30 12:00:00 713,216 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

- 2002-08-30 12:00:00 147,968 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe

+ 2002-08-30 12:00:00 157,696 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe

- 2002-08-30 12:00:00 139,264 ----a-w C:\WINDOWS\PCHealth\UploadLB\Binaries\UploadM.exe

+ 2002-08-30 12:00:00 148,992 ----a-w C:\WINDOWS\PCHealth\UploadLB\Binaries\UploadM.exe

- 2002-12-11 22:14:32 28,160 ----a-w C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dplaysvr.exe

+ 2002-12-11 22:14:32 37,888 ----a-w C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dplaysvr.exe

- 2002-12-11 22:14:32 16,896 ----a-w C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpnsvr.exe

+ 2002-12-11 22:14:32 26,624 ----a-w C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpnsvr.exe

- 2002-12-11 22:14:32 80,896 ----a-w C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpvsetup.exe

+ 2002-12-11 22:14:32 90,624 ----a-w C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpvsetup.exe

- 2003-05-30 07:00:02 937,984 ----a-w C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxdiag.exe

+ 2003-05-30 07:00:02 950,272 ----a-w C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxdiag.exe

- 2002-12-20 11:06:00 3,366,912 ----a-w C:\WINDOWS\RegisteredPackages\{60BFF50D-FB2C-4498-A577-C9548C390BB9}\moviemk.exe

+ 2002-12-20 11:06:00 3,376,640 ----a-w C:\WINDOWS\RegisteredPackages\{60BFF50D-FB2C-4498-A577-C9548C390BB9}\moviemk.exe

- 2006-02-27 12:26:06 56,832 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0db9ceebd733e00feda6dbf9eb4e1423\msimn.exe

- 2006-02-27 12:26:06 56,320 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0db9ceebd733e00feda6dbf9eb4e1423\oemig50.exe

- 2006-02-27 12:26:08 43,008 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0db9ceebd733e00feda6dbf9eb4e1423\wab.exe

- 2006-02-27 11:31:42 27,648 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0db9ceebd733e00feda6dbf9eb4e1423\wabmig.exe

- 2005-07-22 23:03:37 7,680 ----a-w C:\WINDOWS\SoftwareDistribution\Download\3188777c1d0f0fe2d51bfb880967bbb8\sp1qfe\migregdb.exe

- 2002-08-30 12:00:00 8,192 ----a-w C:\WINDOWS\system32\Com\comrepl.exe

+ 2002-08-30 12:00:00 17,920 ----a-w C:\WINDOWS\system32\Com\comrepl.exe

- 2008-04-12 15:23:07 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2008-04-12 18:22:44 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2008-04-12 15:23:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat

+ 2008-04-12 18:22:44 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat

- 2008-04-12 15:23:07 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-04-12 18:22:44 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2008-04-12 14:23:30 40,448 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K5A3CH2R\unpr[1].exe

+ 2008-04-12 14:23:30 50,176 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K5A3CH2R\unpr[1].exe

+ 2008-04-12 18:23:24 40,448 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S12VKLIR\unpr[1].exe

- 2002-11-27 09:55:52 185,344 -c--a-w C:\WINDOWS\system32\dllcache\accwiz.exe

+ 2002-11-27 09:55:52 195,072 -c--a-w C:\WINDOWS\system32\dllcache\accwiz.exe

- 2002-08-30 12:00:00 4,096 -c--a-w C:\WINDOWS\system32\dllcache\actmovie.exe

+ 2002-08-30 12:00:00 13,824 -c--a-w C:\WINDOWS\system32\dllcache\actmovie.exe

- 2002-05-14 10:08:54 16,439 ----a-w C:\WINDOWS\system32\dllcache\admin.exe

+ 2002-05-14 10:08:54 28,727 ----a-w C:\WINDOWS\system32\dllcache\admin.exe

- 2002-08-30 12:00:00 235,008 -c--a-w C:\WINDOWS\system32\dllcache\agentsvr.exe

+ 2002-08-30 12:00:00 244,736 -c--a-w C:\WINDOWS\system32\dllcache\agentsvr.exe

- 2002-08-30 12:00:00 91,648 -c--a-w C:\WINDOWS\system32\dllcache\ahui.exe

+ 2002-08-30 12:00:00 101,376 -c--a-w C:\WINDOWS\system32\dllcache\ahui.exe

- 2002-08-30 12:00:00 41,984 -c--a-w C:\WINDOWS\system32\dllcache\alg.exe

+ 2002-08-30 12:00:00 51,712 -c--a-w C:\WINDOWS\system32\dllcache\alg.exe

- 2002-08-30 12:00:00 19,968 -c--a-w C:\WINDOWS\system32\dllcache\arp.exe

+ 2002-08-30 12:00:00 29,696 -c--a-w C:\WINDOWS\system32\dllcache\arp.exe

- 2002-08-30 12:00:00 22,528 -c--a-w C:\WINDOWS\system32\dllcache\at.exe

+ 2002-08-30 12:00:00 32,256 -c--a-w C:\WINDOWS\system32\dllcache\at.exe

- 2002-08-30 12:00:00 10,240 -c--a-w C:\WINDOWS\system32\dllcache\atmadm.exe

+ 2002-08-30 12:00:00 19,968 -c--a-w C:\WINDOWS\system32\dllcache\atmadm.exe

- 2002-08-30 12:00:00 11,264 -c--a-w C:\WINDOWS\system32\dllcache\attrib.exe

+ 2002-08-30 12:00:00 20,992 -c--a-w C:\WINDOWS\system32\dllcache\attrib.exe

- 2002-05-14 10:08:54 16,439 ----a-w C:\WINDOWS\system32\dllcache\author.exe

+ 2002-05-14 10:08:54 28,727 ----a-w C:\WINDOWS\system32\dllcache\author.exe

- 2002-08-30 12:00:00 42,577 -c--a-w C:\WINDOWS\system32\dllcache\bckgzm.exe

+ 2002-08-30 12:00:00 52,305 -c--a-w C:\WINDOWS\system32\dllcache\bckgzm.exe

- 2002-08-30 12:00:00 4,608 -c--a-w C:\WINDOWS\system32\dllcache\bootok.exe

+ 2002-08-30 12:00:00 14,336 -c--a-w C:\WINDOWS\system32\dllcache\bootok.exe

- 2002-08-30 12:00:00 5,120 -c--a-w C:\WINDOWS\system32\dllcache\bootvrfy.exe

+ 2002-08-30 12:00:00 14,848 -c--a-w C:\WINDOWS\system32\dllcache\bootvrfy.exe

- 2002-08-30 12:00:00 19,456 -c--a-w C:\WINDOWS\system32\dllcache\cacls.exe

+ 2002-08-30 12:00:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\cacls.exe

- 2002-08-30 12:00:00 115,200 -c--a-w C:\WINDOWS\system32\dllcache\calc.exe

+ 2002-08-30 12:00:00 124,928 -c--a-w C:\WINDOWS\system32\dllcache\calc.exe

- 2002-08-30 12:00:00 12,288 -c--a-w C:\WINDOWS\system32\dllcache\cb32.exe

+ 2002-08-30 12:00:00 24,576 -c--a-w C:\WINDOWS\system32\dllcache\cb32.exe

- 2002-05-14 10:08:54 188,480 ----a-w C:\WINDOWS\system32\dllcache\cfgwiz.exe

+ 2002-05-14 10:08:54 200,768 ----a-w C:\WINDOWS\system32\dllcache\cfgwiz.exe

- 2002-08-30 12:00:00 10,240 -c--a-w C:\WINDOWS\system32\dllcache\change.exe

+ 2002-08-30 12:00:00 19,968 -c--a-w C:\WINDOWS\system32\dllcache\change.exe

- 2002-08-30 12:00:00 80,896 -c--a-w C:\WINDOWS\system32\dllcache\charmap.exe

+ 2002-08-30 12:00:00 90,624 -c--a-w C:\WINDOWS\system32\dllcache\charmap.exe

- 2002-08-30 12:00:00 13,824 -c--a-w C:\WINDOWS\system32\dllcache\chglogon.exe

+ 2002-08-30 12:00:00 23,552 -c--a-w C:\WINDOWS\system32\dllcache\chglogon.exe

- 2002-08-30 12:00:00 15,872 -c--a-w C:\WINDOWS\system32\dllcache\chgport.exe

+ 2002-08-30 12:00:00 25,600 -c--a-w C:\WINDOWS\system32\dllcache\chgport.exe

- 2002-08-30 12:00:00 14,848 -c--a-w C:\WINDOWS\system32\dllcache\chgusr.exe

+ 2002-08-30 12:00:00 24,576 -c--a-w C:\WINDOWS\system32\dllcache\chgusr.exe

- 2002-08-30 12:00:00 11,776 -c--a-w C:\WINDOWS\system32\dllcache\chkdsk.exe

+ 2002-08-30 12:00:00 21,504 -c--a-w C:\WINDOWS\system32\dllcache\chkdsk.exe

- 2002-08-30 12:00:00 11,264 -c--a-w C:\WINDOWS\system32\dllcache\chkntfs.exe

+ 2002-08-30 12:00:00 20,992 -c--a-w C:\WINDOWS\system32\dllcache\chkntfs.exe

- 2002-08-30 12:00:00 42,575 -c--a-w C:\WINDOWS\system32\dllcache\chkrzm.exe

+ 2002-08-30 12:00:00 52,303 -c--a-w C:\WINDOWS\system32\dllcache\chkrzm.exe

- 2002-08-30 12:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\cidaemon.exe

+ 2002-08-30 12:00:00 17,920 -c--a-w C:\WINDOWS\system32\dllcache\cidaemon.exe

- 2002-08-30 12:00:00 5,120 -c--a-w C:\WINDOWS\system32\dllcache\cisvc.exe

+ 2002-08-30 12:00:00 14,848 -c--a-w C:\WINDOWS\system32\dllcache\cisvc.exe

- 2002-08-30 12:00:00 7,680 -c--a-w C:\WINDOWS\system32\dllcache\ckcnv.exe

+ 2002-08-30 12:00:00 17,408 -c--a-w C:\WINDOWS\system32\dllcache\ckcnv.exe

- 2002-08-30 12:00:00 62,976 -c--a-w C:\WINDOWS\system32\dllcache\cleanmgr.exe

+ 2002-08-30 12:00:00 72,704 -c--a-w C:\WINDOWS\system32\dllcache\cleanmgr.exe

- 2002-08-30 12:00:00 100,352 -c--a-w C:\WINDOWS\system32\dllcache\clipbrd.exe

+ 2002-08-30 12:00:00 110,080 -c--a-w C:\WINDOWS\system32\dllcache\clipbrd.exe

- 2002-08-30 12:00:00 30,720 -c--a-w C:\WINDOWS\system32\dllcache\clipsrv.exe

+ 2002-08-30 12:00:00 40,448 -c--a-w C:\WINDOWS\system32\dllcache\clipsrv.exe

- 2002-08-30 12:00:00 388,096 -c--a-w C:\WINDOWS\system32\dllcache\cmd.exe

+ 2002-08-30 12:00:00 397,824 -c--a-w C:\WINDOWS\system32\dllcache\cmd.exe

- 2002-08-30 12:00:00 41,472 -c--a-w C:\WINDOWS\system32\dllcache\cmdl32.exe

+ 2002-08-30 12:00:00 51,200 -c--a-w C:\WINDOWS\system32\dllcache\cmdl32.exe

- 2002-08-30 12:00:00 35,840 -c--a-w C:\WINDOWS\system32\dllcache\cmmon32.exe

+ 2002-08-30 12:00:00 45,568 -c--a-w C:\WINDOWS\system32\dllcache\cmmon32.exe

- 2002-08-30 12:00:00 56,832 -c--a-w C:\WINDOWS\system32\dllcache\cmstp.exe

+ 2002-08-30 12:00:00 66,560 -c--a-w C:\WINDOWS\system32\dllcache\cmstp.exe

- 2002-08-30 12:00:00 15,872 -c--a-w C:\WINDOWS\system32\dllcache\comp.exe

+ 2002-08-30 12:00:00 25,600 -c--a-w C:\WINDOWS\system32\dllcache\comp.exe

- 2002-08-30 12:00:00 18,432 -c--a-w C:\WINDOWS\system32\dllcache\compact.exe

+ 2002-08-30 12:00:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\compact.exe

- 2002-08-30 12:00:00 8,192 ----a-w C:\WINDOWS\system32\dllcache\comrepl.exe

+ 2002-08-30 12:00:00 17,920 ----a-w C:\WINDOWS\system32\dllcache\comrepl.exe

- 2002-08-30 12:00:00 5,120 -c--a-w C:\WINDOWS\system32\dllcache\comrereg.exe

+ 2002-08-30 12:00:00 14,848 -c--a-w C:\WINDOWS\system32\dllcache\comrereg.exe

- 2002-08-30 12:00:00 1,007,616 -c--a-w C:\WINDOWS\system32\dllcache\conf.exe

+ 2002-08-30 12:00:00 1,019,904 -c--a-w C:\WINDOWS\system32\dllcache\conf.exe

- 2002-08-30 12:00:00 24,576 -c--a-w C:\WINDOWS\system32\dllcache\conime.exe

+ 2002-08-30 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\conime.exe

- 2002-08-30 12:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\control.exe

+ 2002-08-30 12:00:00 17,920 -c--a-w C:\WINDOWS\system32\dllcache\control.exe

- 2002-08-30 12:00:00 13,824 -c--a-w C:\WINDOWS\system32\dllcache\convert.exe

+ 2002-08-30 12:00:00 23,552 -c--a-w C:\WINDOWS\system32\dllcache\convert.exe

- 2002-08-30 12:00:00 19,456 -c--a-w C:\WINDOWS\system32\dllcache\cprofile.exe

+ 2002-08-30 12:00:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\cprofile.exe

- 2002-08-30 12:00:00 102,450 -c--a-w C:\WINDOWS\system32\dllcache\cscript.exe

+ 2002-08-30 12:00:00 114,738 -c--a-w C:\WINDOWS\system32\dllcache\cscript.exe

- 2002-08-30 12:00:00 13,312 -c--a-w C:\WINDOWS\system32\dllcache\ctfmon.exe

+ 2002-08-30 12:00:00 23,040 -c--a-w C:\WINDOWS\system32\dllcache\ctfmon.exe

- 2002-08-30 12:00:00 5,120 -c--a-w C:\WINDOWS\system32\dllcache\dcomcnfg.exe

+ 2002-08-30 12:00:00 14,848 -c--a-w C:\WINDOWS\system32\dllcache\dcomcnfg.exe

- 2002-08-30 12:00:00 28,672 -c--a-w C:\WINDOWS\system32\dllcache\ddeshare.exe

+ 2002-08-30 12:00:00 38,400 -c--a-w C:\WINDOWS\system32\dllcache\ddeshare.exe

- 2002-08-30 12:00:00 70,656 -c--a-w C:\WINDOWS\system32\dllcache\defrag.exe

+ 2002-08-30 12:00:00 80,384 -c--a-w C:\WINDOWS\system32\dllcache\defrag.exe

- 2002-08-30 12:00:00 76,288 -c--a-w C:\WINDOWS\system32\dllcache\dfrgfat.exe

+ 2002-08-30 12:00:00 86,016 -c--a-w C:\WINDOWS\system32\dllcache\dfrgfat.exe

- 2002-08-30 12:00:00 99,328 -c--a-w C:\WINDOWS\system32\dllcache\dfrgntfs.exe

+ 2002-08-30 12:00:00 109,056 -c--a-w C:\WINDOWS\system32\dllcache\dfrgntfs.exe

- 2002-08-30 12:00:00 531,456 -c--a-w C:\WINDOWS\system32\dllcache\dialer.exe

+ 2002-08-30 12:00:00 541,184 -c--a-w C:\WINDOWS\system32\dllcache\dialer.exe

- 2002-08-30 12:00:00 79,360 -c--a-w C:\WINDOWS\system32\dllcache\diantz.exe

+ 2002-08-30 12:00:00 89,088 -c--a-w C:\WINDOWS\system32\dllcache\diantz.exe

- 2002-08-30 12:00:00 150,016 -c--a-w C:\WINDOWS\system32\dllcache\diskpart.exe

+ 2002-08-30 12:00:00 159,744 -c--a-w C:\WINDOWS\system32\dllcache\diskpart.exe

- 2002-08-30 12:00:00 19,456 -c--a-w C:\WINDOWS\system32\dllcache\diskperf.exe

+ 2002-08-30 12:00:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\diskperf.exe

- 2002-08-30 12:00:00 294,912 -c--a-w C:\WINDOWS\system32\dllcache\dlimport.exe

+ 2002-08-30 12:00:00 307,200 -c--a-w C:\WINDOWS\system32\dllcache\dlimport.exe

- 2002-08-30 12:00:00 4,608 -c--a-w C:\WINDOWS\system32\dllcache\dllhost.exe

+ 2002-08-30 12:00:00 14,336 -c--a-w C:\WINDOWS\system32\dllcache\dllhost.exe

- 2002-08-30 12:00:00 4,608 -c--a-w C:\WINDOWS\system32\dllcache\dllhst3g.exe

+ 2002-08-30 12:00:00 14,336 -c--a-w C:\WINDOWS\system32\dllcache\dllhst3g.exe

- 2002-08-30 12:00:00 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dmadmin.exe

+ 2002-08-30 12:00:00 215,040 -c--a-w C:\WINDOWS\system32\dllcache\dmadmin.exe

- 2002-08-30 12:00:00 10,752 -c--a-w C:\WINDOWS\system32\dllcache\doskey.exe

+ 2002-08-30 12:00:00 20,480 -c--a-w C:\WINDOWS\system32\dllcache\doskey.exe

- 2002-12-11 22:14:32 28,160 ----a-w C:\WINDOWS\system32\dllcache\dplaysvr.exe

+ 2002-12-11 22:14:32 37,888 ----a-w C:\WINDOWS\system32\dllcache\dplaysvr.exe

- 2002-12-11 22:14:32 16,896 ----a-w C:\WINDOWS\system32\dllcache\dpnsvr.exe

+ 2002-12-11 22:14:32 26,624 ----a-w C:\WINDOWS\system32\dllcache\dpnsvr.exe

- 2002-12-11 22:14:32 80,896 ----a-w C:\WINDOWS\system32\dllcache\dpvsetup.exe

+ 2002-12-11 22:14:32 90,624 ----a-w C:\WINDOWS\system32\dllcache\dpvsetup.exe

- 2002-08-30 12:00:00 47,104 -c--a-w C:\WINDOWS\system32\dllcache\drwtsn32.exe

+ 2002-08-30 12:00:00 56,832 -c--a-w C:\WINDOWS\system32\dllcache\drwtsn32.exe

- 2002-08-30 12:00:00 9,216 -c--a-w C:\WINDOWS\system32\dllcache\dumprep.exe

+ 2002-08-30 12:00:00 18,944 -c--a-w C:\WINDOWS\system32\dllcache\dumprep.exe

- 2002-08-30 12:00:00 15,872 -c--a-w C:\WINDOWS\system32\dllcache\dvdupgrd.exe

+ 2002-08-30 12:00:00 25,600 -c--a-w C:\WINDOWS\system32\dllcache\dvdupgrd.exe

- 2003-06-09 12:06:08 180,224 -c--a-w C:\WINDOWS\system32\dllcache\dwwin.exe

+ 2003-06-09 12:06:08 192,512 -c--a-w C:\WINDOWS\system32\dllcache\dwwin.exe

- 2004-07-09 02:27:28 974,848 ----a-w C:\WINDOWS\system32\dllcache\dxdiag.exe

+ 2004-07-09 02:27:28 987,136 ----a-w C:\WINDOWS\system32\dllcache\dxdiag.exe

- 2002-08-30 12:00:00 39,424 -c--a-w C:\WINDOWS\system32\dllcache\esentutl.exe

+ 2002-08-30 12:00:00 49,152 -c--a-w C:\WINDOWS\system32\dllcache\esentutl.exe

- 2002-08-30 12:00:00 180,736 -c--a-w C:\WINDOWS\system32\dllcache\eudcedit.exe

+ 2002-08-30 12:00:00 190,464 -c--a-w C:\WINDOWS\system32\dllcache\eudcedit.exe

- 2002-08-30 12:00:00 9,216 -c--a-w C:\WINDOWS\system32\dllcache\eventvwr.exe

+ 2002-08-30 12:00:00 18,944 -c--a-w C:\WINDOWS\system32\dllcache\eventvwr.exe

- 2002-08-30 12:00:00 24,576 -c--a-w C:\WINDOWS\system32\dllcache\evntcmd.exe

+ 2002-08-30 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\evntcmd.exe

- 2002-08-30 12:00:00 87,552 -c--a-w C:\WINDOWS\system32\dllcache\evntwin.exe

+ 2002-08-30 12:00:00 97,280 -c--a-w C:\WINDOWS\system32\dllcache\evntwin.exe

- 2001-08-23 15:47:44 23,040 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe

+ 2001-08-23 15:47:44 32,768 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe

- 2002-08-30 12:00:00 16,896 -c--a-w C:\WINDOWS\system32\dllcache\expand.exe

+ 2002-08-30 12:00:00 26,624 -c--a-w C:\WINDOWS\system32\dllcache\expand.exe

- 2002-08-30 12:00:00 40,960 -c--a-w C:\WINDOWS\system32\dllcache\extrac32.exe

+ 2002-08-30 12:00:00 50,688 -c--a-w C:\WINDOWS\system32\dllcache\extrac32.exe

- 2002-08-30 12:00:00 14,848 -c--a-w C:\WINDOWS\system32\dllcache\fc.exe

+ 2002-08-30 12:00:00 24,576 -c--a-w C:\WINDOWS\system32\dllcache\fc.exe

- 2002-08-30 12:00:00 9,216 -c--a-w C:\WINDOWS\system32\dllcache\find.exe

+ 2002-08-30 12:00:00 18,944 -c--a-w C:\WINDOWS\system32\dllcache\find.exe

- 2002-08-30 12:00:00 27,136 -c--a-w C:\WINDOWS\system32\dllcache\findstr.exe

+ 2002-08-30 12:00:00 36,864 -c--a-w C:\WINDOWS\system32\dllcache\findstr.exe

- 2002-08-30 12:00:00 10,240 -c--a-w C:\WINDOWS\system32\dllcache\finger.exe

+ 2002-08-30 12:00:00 19,968 -c--a-w C:\WINDOWS\system32\dllcache\finger.exe

- 2002-08-30 12:00:00 3,072 -c--a-w C:\WINDOWS\system32\dllcache\fixmapi.exe

+ 2002-08-30 12:00:00 12,800 -c--a-w C:\WINDOWS\system32\dllcache\fixmapi.exe

- 2002-08-30 12:00:00 15,360 -c--a-w C:\WINDOWS\system32\dllcache\flattemp.exe

+ 2002-08-30 12:00:00 25,088 -c--a-w C:\WINDOWS\system32\dllcache\flattemp.exe

- 2002-08-30 12:00:00 19,968 -c--a-w C:\WINDOWS\system32\dllcache\fontview.exe

+ 2002-08-30 12:00:00 29,696 -c--a-w C:\WINDOWS\system32\dllcache\fontview.exe

- 2002-08-30 12:00:00 7,168 -c--a-w C:\WINDOWS\system32\dllcache\forcedos.exe

+ 2002-08-30 12:00:00 16,896 -c--a-w C:\WINDOWS\system32\dllcache\forcedos.exe

- 2002-05-14 10:08:54 14,608 ----a-w C:\WINDOWS\system32\dllcache\fp98sadm.exe

+ 2002-05-14 10:08:54 24,336 ----a-w C:\WINDOWS\system32\dllcache\fp98sadm.exe

- 2002-05-14 10:08:54 109,328 ----a-w C:\WINDOWS\system32\dllcache\fp98swin.exe

+ 2002-05-14 10:08:54 119,056 ----a-w C:\WINDOWS\system32\dllcache\fp98swin.exe

- 2002-05-14 10:08:54 24,632 ----a-w C:\WINDOWS\system32\dllcache\fpadmcgi.exe

+ 2002-05-14 10:08:54 36,920 ----a-w C:\WINDOWS\system32\dllcache\fpadmcgi.exe

- 2002-05-14 10:08:54 188,494 ----a-w C:\WINDOWS\system32\dllcache\fpcount.exe

+ 2002-05-14 10:08:54 200,782 ----a-w C:\WINDOWS\system32\dllcache\fpcount.exe

- 2002-05-14 10:08:54 20,538 ----a-w C:\WINDOWS\system32\dllcache\fpremadm.exe

+ 2002-05-14 10:08:54 32,826 ----a-w C:\WINDOWS\system32\dllcache\fpremadm.exe

- 2002-08-30 12:00:00 55,808 -c--a-w C:\WINDOWS\system32\dllcache\freecell.exe

+ 2002-08-30 12:00:00 65,536 -c--a-w C:\WINDOWS\system32\dllcache\freecell.exe

- 2002-08-30 12:00:00 61,952 -c--a-w C:\WINDOWS\system32\dllcache\fsutil.exe

+ 2002-08-30 12:00:00 71,680 -c--a-w C:\WINDOWS\system32\dllcache\fsutil.exe

- 2002-08-30 12:00:00 44,032 -c--a-w C:\WINDOWS\system32\dllcache\ftp.exe

+ 2002-08-30 12:00:00 53,760 -c--a-w C:\WINDOWS\system32\dllcache\ftp.exe

- 2002-08-30 12:00:00 130,048 -c--a-w C:\WINDOWS\system32\dllcache\fxsclnt.exe

+ 2002-08-30 12:00:00 139,776 -c--a-w C:\WINDOWS\system32\dllcache\fxsclnt.exe

- 2002-08-30 12:00:00 225,280 -c--a-w C:\WINDOWS\system32\dllcache\fxscover.exe

+ 2002-08-30 12:00:00 235,008 -c--a-w C:\WINDOWS\system32\dllcache\fxscover.exe

- 2002-08-30 12:00:00 11,776 -c--a-w C:\WINDOWS\system32\dllcache\fxssend.exe

+ 2002-08-30 12:00:00 21,504 -c--a-w C:\WINDOWS\system32\dllcache\fxssend.exe

- 2002-08-30 12:00:00 251,392 -c--a-w C:\WINDOWS\system32\dllcache\fxssvc.exe

+ 2002-08-30 12:00:00 261,120 -c--a-w C:\WINDOWS\system32\dllcache\fxssvc.exe

- 2002-08-30 12:00:00 37,888 ----a-w C:\WINDOWS\system32\dllcache\grpconv.exe

+ 2002-08-30 12:00:00 47,616 ----a-w C:\WINDOWS\system32\dllcache\grpconv.exe

- 2002-08-30 12:00:00 16,384 -c--a-w C:\WINDOWS\system32\dllcache\help.exe

+ 2002-08-30 12:00:00 26,112 -c--a-w C:\WINDOWS\system32\dllcache\help.exe

- 2002-08-30 12:00:00 742,400 ----a-w C:\WINDOWS\system32\dllcache\helpctr.exe

+ 2002-08-30 12:00:00 752,128 ----a-w C:\WINDOWS\system32\dllcache\helpctr.exe

- 2002-08-30 12:00:00 99,840 -c--a-w C:\WINDOWS\system32\dllcache\helphost.exe

+ 2002-08-30 12:00:00 109,568 -c--a-w C:\WINDOWS\system32\dllcache\helphost.exe

- 2002-08-30 12:00:00 703,488 -c--a-w C:\WINDOWS\system32\dllcache\helpsvc.exe

+ 2002-08-30 12:00:00 713,216 -c--a-w C:\WINDOWS\system32\dllcache\helpsvc.exe

- 2005-05-25 22:44:31 10,752 -c--a-w C:\WINDOWS\system32\dllcache\hh.exe

+ 2005-05-25 22:44:31 20,480 -c--a-w C:\WINDOWS\system32\dllcache\hh.exe

- 2002-08-30 12:00:00 42,573 -c--a-w C:\WINDOWS\system32\dllcache\hrtzzm.exe

+ 2002-08-30 12:00:00 52,301 -c--a-w C:\WINDOWS\system32\dllcache\hrtzzm.exe

- 2002-08-30 12:00:00 212,992 -c--a-w C:\WINDOWS\system32\dllcache\icwconn1.exe

+ 2002-08-30 12:00:00 222,720 -c--a-w C:\WINDOWS\system32\dllcache\icwconn1.exe

- 2002-08-30 12:00:00 77,824 -c--a-w C:\WINDOWS\system32\dllcache\icwconn2.exe

+ 2002-08-30 12:00:00 90,112 -c--a-w C:\WINDOWS\system32\dllcache\icwconn2.exe

- 2002-08-30 12:00:00 24,576 -c--a-w C:\WINDOWS\system32\dllcache\icwrmind.exe

+ 2002-08-30 12:00:00 36,864 -c--a-w C:\WINDOWS\system32\dllcache\icwrmind.exe

- 2002-08-30 12:00:00 73,728 -c--a-w C:\WINDOWS\system32\dllcache\icwtutor.exe

+ 2002-08-30 12:00:00 86,016 -c--a-w C:\WINDOWS\system32\dllcache\icwtutor.exe

- 2002-08-30 12:00:00 28,672 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

+ 2002-08-30 12:00:00 38,400 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

- 2002-08-30 12:00:00 99,840 -c--a-w C:\WINDOWS\system32\dllcache\iexpress.exe

+ 2002-08-30 12:00:00 109,568 -c--a-w C:\WINDOWS\system32\dllcache\iexpress.exe

- 2002-08-30 12:00:00 123,904 -c--a-w C:\WINDOWS\system32\dllcache\imapi.exe

+ 2002-08-30 12:00:00 133,632 -c--a-w C:\WINDOWS\system32\dllcache\imapi.exe

- 2002-08-30 12:00:00 20,480 -c--a-w C:\WINDOWS\system32\dllcache\inetwiz.exe

+ 2002-08-30 12:00:00 32,768 -c--a-w C:\WINDOWS\system32\dllcache\inetwiz.exe

- 2002-08-30 12:00:00 54,272 -c--a-w C:\WINDOWS\system32\dllcache\ipconfig.exe

+ 2002-08-30 12:00:00 64,000 -c--a-w C:\WINDOWS\system32\dllcache\ipconfig.exe

- 2002-08-30 12:00:00 46,080 -c--a-w C:\WINDOWS\system32\dllcache\ipsec6.exe

+ 2002-08-30 12:00:00 55,808 -c--a-w C:\WINDOWS\system32\dllcache\ipsec6.exe

- 2006-08-16 12:12:34 49,152 -c--a-w C:\WINDOWS\system32\dllcache\ipv6.exe

+ 2006-08-16 12:12:34 58,880 -c--a-w C:\WINDOWS\system32\dllcache\ipv6.exe

- 2002-08-30 12:00:00 23,040 -c--a-w C:\WINDOWS\system32\dllcache\ipxroute.exe

+ 2002-08-30 12:00:00 32,768 -c--a-w C:\WINDOWS\system32\dllcache\ipxroute.exe

- 2002-08-30 12:00:00 16,384 -c--a-w C:\WINDOWS\system32\dllcache\isignup.exe

+ 2002-08-30 12:00:00 28,672 -c--a-w C:\WINDOWS\system32\dllcache\isignup.exe

- 2002-08-30 12:00:00 9,728 -c--a-w C:\WINDOWS\system32\dllcache\label.exe

+ 2002-08-30 12:00:00 19,456 -c--a-w C:\WINDOWS\system32\dllcache\label.exe

- 2002-08-30 12:00:00 30,208 -c--a-w C:\WINDOWS\system32\dllcache\lights.exe

+ 2002-08-30 12:00:00 39,936 -c--a-w C:\WINDOWS\system32\dllcache\lights.exe

- 2002-08-30 12:00:00 26,624 -c--a-w C:\WINDOWS\system32\dllcache\lnkstub.exe

+ 2002-08-30 12:00:00 36,352 -c--a-w C:\WINDOWS\system32\dllcache\lnkstub.exe

- 2002-12-03 16:50:10 68,608 -c--a-w C:\WINDOWS\system32\dllcache\locator.exe

+ 2002-12-03 16:50:10 78,336 -c--a-w C:\WINDOWS\system32\dllcache\locator.exe

- 2002-08-30 12:00:00 5,120 -c--a-w C:\WINDOWS\system32\dllcache\lodctr.exe

+ 2002-08-30 12:00:00 14,848 -c--a-w C:\WINDOWS\system32\dllcache\lodctr.exe

- 2002-12-11 14:04:20 81,408 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe

+ 2002-12-11 14:04:20 91,136 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe

- 2002-08-30 12:00:00 15,872 -c--a-w C:\WINDOWS\system32\dllcache\logoff.exe

+ 2002-08-30 12:00:00 25,600 -c--a-w C:\WINDOWS\system32\dllcache\logoff.exe

- 2002-08-30 12:00:00 220,672 -c--a-w C:\WINDOWS\system32\dllcache\logon.scr

+ 2002-08-30 12:00:00 230,400 -c--a-w C:\WINDOWS\system32\dllcache\logon.scr

- 2002-08-30 12:00:00 505,344 -c--a-w C:\WINDOWS\system32\dllcache\logonui.exe

+ 2002-08-30 12:00:00 515,072 -c--a-w C:\WINDOWS\system32\dllcache\logonui.exe

- 2002-08-30 12:00:00 6,144 -c--a-w C:\WINDOWS\system32\dllcache\lpq.exe

+ 2002-08-30 12:00:00 15,872 -c--a-w C:\WINDOWS\system32\dllcache\lpq.exe

- 2002-08-30 12:00:00 9,216 -c--a-w C:\WINDOWS\system32\dllcache\lpr.exe

+ 2002-08-30 12:00:00 18,944 -c--a-w C:\WINDOWS\system32\dllcache\lpr.exe

- 2002-08-30 12:00:00 11,776 -c--a-w C:\WINDOWS\system32\dllcache\lsass.exe

+ 2002-08-30 12:00:00 21,504 -c--a-w C:\WINDOWS\system32\dllcache\lsass.exe

- 2002-11-27 09:55:52 68,096 -c--a-w C:\WINDOWS\system32\dllcache\magnify.exe

+ 2002-11-27 09:55:52 77,824 -c--a-w C:\WINDOWS\system32\dllcache\magnify.exe

- 2002-08-30 12:00:00 79,360 -c--a-w C:\WINDOWS\system32\dllcache\makecab.exe

+ 2002-08-30 12:00:00 89,088 -c--a-w C:\WINDOWS\system32\dllcache\makecab.exe

- 2002-08-30 12:00:00 34,816 -c--a-w C:\WINDOWS\system32\dllcache\migisol.exe

+ 2002-08-30 12:00:00 44,544 -c--a-w C:\WINDOWS\system32\dllcache\migisol.exe

- 2002-08-30 12:00:00 99,328 -c--a-w C:\WINDOWS\system32\dllcache\migload.exe

+ 2002-08-30 12:00:00 109,056 -c--a-w C:\WINDOWS\system32\dllcache\migload.exe

- 2002-08-30 12:00:00 6,656 ----a-w C:\WINDOWS\system32\dllcache\migregdb.exe

+ 2002-08-30 12:00:00 16,384 ----a-w C:\WINDOWS\system32\dllcache\migregdb.exe

- 2002-11-27 09:56:22 237,056 -c--a-w C:\WINDOWS\system32\dllcache\migwiz.exe

+ 2002-11-27 09:56:22 246,784 -c--a-w C:\WINDOWS\system32\dllcache\migwiz.exe

- 2002-08-30 12:00:00 233,472 -c--a-w C:\WINDOWS\system32\dllcache\migwiz_a.exe

+ 2002-08-30 12:00:00 243,200 -c--a-w C:\WINDOWS\system32\dllcache\migwiz_a.exe

- 2002-08-30 12:00:00 775,168 -c--a-w C:\WINDOWS\system32\dllcache\mmc.exe

+ 2002-08-30 12:00:00 784,896 -c--a-w C:\WINDOWS\system32\dllcache\mmc.exe

- 2002-08-30 12:00:00 32,768 -c--a-w C:\WINDOWS\system32\dllcache\mnmsrvc.exe

+ 2002-08-30 12:00:00 45,056 -c--a-w C:\WINDOWS\system32\dllcache\mnmsrvc.exe

- 2002-08-30 12:00:00 136,192 -c--a-w C:\WINDOWS\system32\dllcache\mobsync.exe

+ 2002-08-30 12:00:00 145,920 -c--a-w C:\WINDOWS\system32\dllcache\mobsync.exe

- 2002-08-30 12:00:00 15,872 -c--a-w C:\WINDOWS\system32\dllcache\mofcomp.exe

+ 2002-08-30 12:00:00 25,600 -c--a-w C:\WINDOWS\system32\dllcache\mofcomp.exe

- 2002-08-30 12:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\mountvol.exe

+ 2002-08-30 12:00:00 17,920 -c--a-w C:\WINDOWS\system32\dllcache\mountvol.exe

- 2002-08-30 12:00:00 806,969 -c--a-w C:\WINDOWS\system32\dllcache\moviemk.exe

+ 2002-08-30 12:00:00 819,257 -c--a-w C:\WINDOWS\system32\dllcache\moviemk.exe

- 2002-08-30 12:00:00 118,272 -c--a-w C:\WINDOWS\system32\dllcache\mplay32.exe

+ 2002-08-30 12:00:00 128,000 -c--a-w C:\WINDOWS\system32\dllcache\mplay32.exe

- 2002-08-30 12:00:00 4,639 -c--a-w C:\WINDOWS\system32\dllcache\mplayer2.exe

+ 2002-08-30 12:00:00 14,367 -c--a-w C:\WINDOWS\system32\dllcache\mplayer2.exe

- 2002-08-30 12:00:00 22,016 -c--a-w C:\WINDOWS\system32\dllcache\mpnotify.exe

+ 2002-08-30 12:00:00 31,744 -c--a-w C:\WINDOWS\system32\dllcache\mpnotify.exe

- 2002-08-30 12:00:00 147,968 -c--a-w C:\WINDOWS\system32\dllcache\msconfig.exe

+ 2002-08-30 12:00:00 157,696 -c--a-w C:\WINDOWS\system32\dllcache\msconfig.exe

- 2002-08-30 12:00:00 6,144 -c--a-w C:\WINDOWS\system32\dllcache\msdtc.exe

+ 2002-08-30 12:00:00 15,872 -c--a-w C:\WINDOWS\system32\dllcache\msdtc.exe

- 2002-08-30 12:00:00 22,528 -c--a-w C:\WINDOWS\system32\dllcache\msg.exe

+ 2002-08-30 12:00:00 32,256 -c--a-w C:\WINDOWS\system32\dllcache\msg.exe

- 2002-08-30 12:00:00 128,000 -c--a-w C:\WINDOWS\system32\dllcache\mshearts.exe

+ 2002-08-30 12:00:00 137,728 -c--a-w C:\WINDOWS\system32\dllcache\mshearts.exe

- 2002-08-30 12:00:00 24,064 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe

+ 2002-08-30 12:00:00 33,792 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe

- 2005-05-04 12:45:36 78,848 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe

+ 2005-05-04 12:45:36 88,576 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe

- 2002-10-23 14:51:14 56,832 ----a-w C:\WINDOWS\system32\dllcache\MSIMN.EXE

+ 2002-10-23 14:51:14 66,560 ----a-w C:\WINDOWS\system32\dllcache\MSIMN.EXE

- 2002-08-30 12:00:00 40,448 -c--a-w C:\WINDOWS\system32\dllcache\msinfo32.exe

+ 2002-08-30 12:00:00 50,176 -c--a-w C:\WINDOWS\system32\dllcache\msinfo32.exe

- 2002-08-30 12:00:00 34,816 -c--a-w C:\WINDOWS\system32\dllcache\msiregmv.exe

+ 2002-08-30 12:00:00 44,544 -c--a-w C:\WINDOWS\system32\dllcache\msiregmv.exe

- 2002-08-30 12:00:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\msoobe.exe

+ 2002-08-30 12:00:00 37,888 -c--a-w C:\WINDOWS\system32\dllcache\msoobe.exe

- 2002-08-30 12:00:00 344,576 -c--a-w C:\WINDOWS\system32\dllcache\mspaint.exe

+ 2002-08-30 12:00:00 354,304 -c--a-w C:\WINDOWS\system32\dllcache\mspaint.exe

- 2002-08-30 12:00:00 6,656 -c--a-w C:\WINDOWS\system32\dllcache\msswchx.exe

+ 2002-08-30 12:00:00 16,384 -c--a-w C:\WINDOWS\system32\dllcache\msswchx.exe

- 2002-08-30 12:00:00 9,728 ----a-w C:\WINDOWS\system32\dllcache\mstinit.exe

+ 2002-08-30 12:00:00 19,456 ----a-w C:\WINDOWS\system32\dllcache\mstinit.exe

- 2002-08-30 12:00:00 393,216 -c--a-w C:\WINDOWS\system32\dllcache\mstsc.exe

+ 2002-08-30 12:00:00 402,944 -c--a-w C:\WINDOWS\system32\dllcache\mstsc.exe

- 2002-11-27 09:55:54 52,736 -c--a-w C:\WINDOWS\system32\dllcache\narrator.exe

+ 2002-11-27 09:55:54 62,464 -c--a-w C:\WINDOWS\system32\dllcache\narrator.exe

- 2002-08-30 12:00:00 21,504 -c--a-w C:\WINDOWS\system32\dllcache\nbtstat.exe

+ 2002-08-30 12:00:00 31,232 -c--a-w C:\WINDOWS\system32\dllcache\nbtstat.exe

- 2002-08-30 12:00:00 4,096 -c--a-w C:\WINDOWS\system32\dllcache\nddeapir.exe

+ 2002-08-30 12:00:00 13,824 -c--a-w C:\WINDOWS\system32\dllcache\nddeapir.exe

- 2002-08-30 12:00:00 39,424 -c--a-w C:\WINDOWS\system32\dllcache\net.exe

+ 2002-08-30 12:00:00 49,152 -c--a-w C:\WINDOWS\system32\dllcache\net.exe

- 2002-08-30 12:00:00 115,200 -c--a-w C:\WINDOWS\system32\dllcache\net1.exe

+ 2002-08-30 12:00:00 124,928 -c--a-w C:\WINDOWS\system32\dllcache\net1.exe

- 2002-08-30 12:00:00 109,056 ----a-w C:\WINDOWS\system32\dllcache\netdde.exe

+ 2002-08-30 12:00:00 118,784 ----a-w C:\WINDOWS\system32\dllcache\netdde.exe

- 2006-08-16 12:12:31 86,016 -c--a-w C:\WINDOWS\system32\dllcache\netsh.exe

+ 2006-08-16 12:12:31 95,744 -c--a-w C:\WINDOWS\system32\dllcache\netsh.exe

- 2002-08-30 12:00:00 31,744 -c--a-w C:\WINDOWS\system32\dllcache\netstat.exe

+ 2002-08-30 12:00:00 41,472 -c--a-w C:\WINDOWS\system32\dllcache\netstat.exe

- 2002-08-30 12:00:00 67,584 -c--a-w C:\WINDOWS\system32\dllcache\notepad.exe

+ 2002-08-30 12:00:00 77,312 -c--a-w C:\WINDOWS\system32\dllcache\notepad.exe

- 2002-08-30 12:00:00 35,328 -c--a-w C:\WINDOWS\system32\dllcache\notiflag.exe

+ 2002-08-30 12:00:00 45,056 -c--a-w C:\WINDOWS\system32\dllcache\notiflag.exe

- 2002-08-30 12:00:00 13,824 -c--a-w C:\WINDOWS\system32\dllcache\nppagent.exe

+ 2002-08-30 12:00:00 23,552 -c--a-w C:\WINDOWS\system32\dllcache\nppagent.exe

- 2002-08-30 12:00:00 74,240 -c--a-w C:\WINDOWS\system32\dllcache\nslookup.exe

+ 2002-08-30 12:00:00 83,968 -c--a-w C:\WINDOWS\system32\dllcache\nslookup.exe

- 2002-08-30 12:00:00 31,744 -c--a-w C:\WINDOWS\system32\dllcache\ntsd.exe

+ 2002-08-30 12:00:00 41,472 -c--a-w C:\WINDOWS\system32\dllcache\ntsd.exe

- 2002-08-30 12:00:00 396,800 ----a-w C:\WINDOWS\system32\dllcache\ntvdm.exe

+ 2002-08-30 12:00:00 406,528 ----a-w C:\WINDOWS\system32\dllcache\ntvdm.exe

- 2002-08-30 12:00:00 32,768 -c--a-w C:\WINDOWS\system32\dllcache\odbcad32.exe

+ 2002-08-30 12:00:00 45,056 -c--a-w C:\WINDOWS\system32\dllcache\odbcad32.exe

- 2002-08-30 12:00:00 53,248 -c--a-w C:\WINDOWS\system32\dllcache\odbcconf.exe

+ 2002-08-30 12:00:00 65,536 -c--a-w C:\WINDOWS\system32\dllcache\odbcconf.exe

- 2002-10-23 14:51:20 56,320 ----a-w C:\WINDOWS\system32\dllcache\OEMIG50.EXE

+ 2002-10-23 14:51:20 66,048 ----a-w C:\WINDOWS\system32\dllcache\OEMIG50.EXE

- 2002-08-30 12:00:00 50,176 -c--a-w C:\WINDOWS\system32\dllcache\oobebaln.exe

+ 2002-08-30 12:00:00 59,904 -c--a-w C:\WINDOWS\system32\dllcache\oobebaln.exe

- 2002-11-27 09:55:56 213,504 -c--a-w C:\WINDOWS\system32\dllcache\osk.exe

+ 2002-11-27 09:55:56 223,232 -c--a-w C:\WINDOWS\system32\dllcache\osk.exe

- 2002-08-30 12:00:00 41,984 -c--a-w C:\WINDOWS\system32\dllcache\osuninst.exe

+ 2002-08-30 12:00:00 51,712 -c--a-w C:\WINDOWS\system32\dllcache\osuninst.exe

- 2002-08-30 12:00:00 54,784 -c--a-w C:\WINDOWS\system32\dllcache\packager.exe

+ 2002-08-30 12:00:00 64,512 -c--a-w C:\WINDOWS\system32\dllcache\packager.exe

- 2002-08-30 12:00:00 22,528 -c--a-w C:\WINDOWS\system32\dllcache\pathping.exe

+ 2002-08-30 12:00:00 32,256 -c--a-w C:\WINDOWS\system32\dllcache\pathping.exe

- 2002-08-30 12:00:00 15,360 -c--a-w C:\WINDOWS\system32\dllcache\pentnt.exe

+ 2002-08-30 12:00:00 25,088 -c--a-w C:\WINDOWS\system32\dllcache\pentnt.exe

- 2002-08-30 12:00:00 275,968 -c--a-w C:\WINDOWS\system32\dllcache\pinball.exe

+ 2002-08-30 12:00:00 285,696 -c--a-w C:\WINDOWS\system32\dllcache\pinball.exe

- 2002-08-30 12:00:00 17,920 -c--a-w C:\WINDOWS\system32\dllcache\ping.exe

+ 2002-08-30 12:00:00 27,648 -c--a-w C:\WINDOWS\system32\dllcache\ping.exe

- 2002-08-30 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\ping6.exe

+ 2002-08-30 12:00:00 44,032 -c--a-w C:\WINDOWS\system32\dllcache\ping6.exe

- 2002-08-30 12:00:00 9,216 -c--a-w C:\WINDOWS\system32\dllcache\print.exe

+ 2002-08-30 12:00:00 18,944 -c--a-w C:\WINDOWS\system32\dllcache\print.exe

- 2002-08-30 12:00:00 208,896 -c--a-w C:\WINDOWS\system32\dllcache\progman.exe

+ 2002-08-30 12:00:00 218,624 -c--a-w C:\WINDOWS\system32\dllcache\progman.exe

- 2002-08-30 12:00:00 45,568 -c--a-w C:\WINDOWS\system32\dllcache\proquota.exe

+ 2002-08-30 12:00:00 55,296 -c--a-w C:\WINDOWS\system32\dllcache\proquota.exe

- 2002-08-30 12:00:00 17,408 -c--a-w C:\WINDOWS\system32\dllcache\qappsrv.exe

+ 2002-08-30 12:00:00 27,136 -c--a-w C:\WINDOWS\system32\dllcache\qappsrv.exe

- 2002-08-30 12:00:00 19,456 -c--a-w C:\WINDOWS\system32\dllcache\qprocess.exe

+ 2002-08-30 12:00:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\qprocess.exe

- 2002-08-30 12:00:00 10,240 -c--a-w C:\WINDOWS\system32\dllcache\query.exe

+ 2002-08-30 12:00:00 19,968 -c--a-w C:\WINDOWS\system32\dllcache\query.exe

- 2002-08-30 12:00:00 16,896 -c--a-w C:\WINDOWS\system32\dllcache\quser.exe

+ 2002-08-30 12:00:00 26,624 -c--a-w C:\WINDOWS\system32\dllcache\quser.exe

- 2002-08-30 12:00:00 22,528 -c--a-w C:\WINDOWS\system32\dllcache\qwinsta.exe

+ 2002-08-30 12:00:00 32,256 -c--a-w C:\WINDOWS\system32\dllcache\qwinsta.exe

- 2002-08-30 12:00:00 11,776 -c--a-w C:\WINDOWS\system32\dllcache\rasautou.exe

+ 2002-08-30 12:00:00 21,504 -c--a-w C:\WINDOWS\system32\dllcache\rasautou.exe

- 2002-08-30 12:00:00 11,776 -c--a-w C:\WINDOWS\system32\dllcache\rasdial.exe

+ 2002-08-30 12:00:00 21,504 -c--a-w C:\WINDOWS\system32\dllcache\rasdial.exe

- 2002-08-30 12:00:00 54,784 -c--a-w C:\WINDOWS\system32\dllcache\rasphone.exe

+ 2002-08-30 12:00:00 64,512 -c--a-w C:\WINDOWS\system32\dllcache\rasphone.exe

- 2002-08-30 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\rcimlby.exe

+ 2002-08-30 12:00:00 44,032 -c--a-w C:\WINDOWS\system32\dllcache\rcimlby.exe

- 2002-08-30 12:00:00 21,504 -c--a-w C:\WINDOWS\system32\dllcache\rcp.exe

+ 2002-08-30 12:00:00 31,232 -c--a-w C:\WINDOWS\system32\dllcache\rcp.exe

- 2002-08-30 12:00:00 44,032 -c--a-w C:\WINDOWS\system32\dllcache\rdpclip.exe

+ 2002-08-30 12:00:00 53,760 -c--a-w C:\WINDOWS\system32\dllcache\rdpclip.exe

- 2002-08-30 12:00:00 12,288 -c--a-w C:\WINDOWS\system32\dllcache\rdsaddin.exe

+ 2002-08-30 12:00:00 22,016 -c--a-w C:\WINDOWS\system32\dllcache\rdsaddin.exe

- 2002-08-30 12:00:00 61,952 -c--a-w C:\WINDOWS\system32\dllcache\rdshost.exe

+ 2002-08-30 12:00:00 71,680 -c--a-w C:\WINDOWS\system32\dllcache\rdshost.exe

- 2002-08-30 12:00:00 7,168 -c--a-w C:\WINDOWS\system32\dllcache\recover.exe

+ 2002-08-30 12:00:00 16,896 -c--a-w C:\WINDOWS\system32\dllcache\recover.exe

- 2002-08-30 12:00:00 51,200 -c--a-w C:\WINDOWS\system32\dllcache\reg.exe

+ 2002-08-30 12:00:00 60,928 -c--a-w C:\WINDOWS\system32\dllcache\reg.exe

- 2002-08-30 12:00:00 140,800 -c--a-w C:\WINDOWS\system32\dllcache\regedit.exe

+ 2002-08-30 12:00:00 150,528 -c--a-w C:\WINDOWS\system32\dllcache\regedit.exe

- 2002-08-30 12:00:00 3,584 -c--a-w C:\WINDOWS\system32\dllcache\regedt32.exe

+ 2002-08-30 12:00:00 13,312 -c--a-w C:\WINDOWS\system32\dllcache\regedt32.exe

- 2002-08-30 12:00:00 33,792 -c--a-w C:\WINDOWS\system32\dllcache\regini.exe

+ 2002-08-30 12:00:00 43,520 -c--a-w C:\WINDOWS\system32\dllcache\regini.exe

- 2002-08-30 12:00:00 15,360 -c--a-w C:\WINDOWS\system32\dllcache\register.exe

+ 2002-08-30 12:00:00 25,088 -c--a-w C:\WINDOWS\system32\dllcache\register.exe

- 2002-08-30 12:00:00 10,240 -c--a-w C:\WINDOWS\system32\dllcache\regsvr32.exe

+ 2002-08-30 12:00:00 19,968 -c--a-w C:\WINDOWS\system32\dllcache\regsvr32.exe

- 2002-08-30 12:00:00 4,608 -c--a-w C:\WINDOWS\system32\dllcache\regwiz.exe

+ 2002-08-30 12:00:00 14,336 -c--a-w C:\WINDOWS\system32\dllcache\regwiz.exe

- 2002-08-30 12:00:00 12,800 -c--a-w C:\WINDOWS\system32\dllcache\replace.exe

+ 2002-08-30 12:00:00 22,528 -c--a-w C:\WINDOWS\system32\dllcache\replace.exe

- 2002-08-30 12:00:00 10,240 -c--a-w C:\WINDOWS\system32\dllcache\reset.exe

+ 2002-08-30 12:00:00 19,968 -c--a-w C:\WINDOWS\system32\dllcache\reset.exe

- 2002-08-30 12:00:00 12,800 -c--a-w C:\WINDOWS\system32\dllcache\rexec.exe

+ 2002-08-30 12:00:00 22,528 -c--a-w C:\WINDOWS\system32\dllcache\rexec.exe

- 2002-08-30 12:00:00 21,504 -c--a-w C:\WINDOWS\system32\dllcache\route.exe

+ 2002-08-30 12:00:00 31,232 -c--a-w C:\WINDOWS\system32\dllcache\route.exe

- 2002-08-30 12:00:00 25,600 -c--a-w C:\WINDOWS\system32\dllcache\routemon.exe

+ 2002-08-30 12:00:00 35,328 -c--a-w C:\WINDOWS\system32\dllcache\routemon.exe

- 2002-08-30 12:00:00 53,248 -c--a-w C:\WINDOWS\system32\dllcache\rsm.exe

+ 2002-08-30 12:00:00 62,976 -c--a-w C:\WINDOWS\system32\dllcache\rsm.exe

- 2002-08-30 12:00:00 24,576 -c--a-w C:\WINDOWS\system32\dllcache\rsmsink.exe

+ 2002-08-30 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\rsmsink.exe

- 2002-08-30 12:00:00 49,664 -c--a-w C:\WINDOWS\system32\dllcache\rsmui.exe

+ 2002-08-30 12:00:00 59,392 -c--a-w C:\WINDOWS\system32\dllcache\rsmui.exe

- 2002-08-30 12:00:00 374,784 -c--a-w C:\WINDOWS\system32\dllcache\rstrui.exe

+ 2002-08-30 12:00:00 384,512 -c--a-w C:\WINDOWS\system32\dllcache\rstrui.exe

- 2002-08-30 12:00:00 132,608 -c--a-w C:\WINDOWS\system32\dllcache\rsvp.exe

+ 2002-08-30 12:00:00 142,336 -c--a-w C:\WINDOWS\system32\dllcache\rsvp.exe

- 2002-08-30 12:00:00 75,264 -c--a-w C:\WINDOWS\system32\dllcache\rtcshare.exe

+ 2002-08-30 12:00:00 84,992 -c--a-w C:\WINDOWS\system32\dllcache\rtcshare.exe

- 2002-08-30 12:00:00 17,408 -c--a-w C:\WINDOWS\system32\dllcache\runas.exe

+ 2002-08-30 12:00:00 27,136 -c--a-w C:\WINDOWS\system32\dllcache\runas.exe

- 2002-08-30 12:00:00 32,256 -c--a-w C:\WINDOWS\system32\dllcache\rundll32.exe

+ 2002-08-30 12:00:00 41,984 -c--a-w C:\WINDOWS\system32\dllcache\rundll32.exe

- 2002-08-30 12:00:00 12,800 -c--a-w C:\WINDOWS\system32\dllcache\runonce.exe

+ 2002-08-30 12:00:00 22,528 -c--a-w C:\WINDOWS\system32\dllcache\runonce.exe

- 2002-08-30 12:00:00 42,574 -c--a-w C:\WINDOWS\system32\dllcache\rvsezm.exe

+ 2002-08-30 12:00:00 52,302 -c--a-w C:\WINDOWS\system32\dllcache\rvsezm.exe

- 2002-08-30 12:00:00 16,384 -c--a-w C:\WINDOWS\system32\dllcache\rwinsta.exe

+ 2002-08-30 12:00:00 26,112 -c--a-w C:\WINDOWS\system32\dllcache\rwinsta.exe

- 2002-08-30 12:00:00 36,864 -c--a-w C:\WINDOWS\system32\dllcache\sapisvr.exe

+ 2002-08-30 12:00:00 49,152 -c--a-w C:\WINDOWS\system32\dllcache\sapisvr.exe

- 2002-08-30 12:00:00 19,968 -c--a-w C:\WINDOWS\system32\dllcache\savedump.exe

+ 2002-08-30 12:00:00 29,696 -c--a-w C:\WINDOWS\system32\dllcache\savedump.exe

- 2002-08-30 12:00:00 31,232 -c--a-w C:\WINDOWS\system32\dllcache\sc.exe

+ 2002-08-30 12:00:00 40,960 -c--a-w C:\WINDOWS\system32\dllcache\sc.exe

- 2002-08-30 12:00:00 97,792 -c--a-w C:\WINDOWS\system32\dllcache\scardsvr.exe

+ 2002-08-30 12:00:00 107,520 -c--a-w C:\WINDOWS\system32\dllcache\scardsvr.exe

- 2002-08-30 12:00:00 33,792 -c--a-w C:\WINDOWS\system32\dllcache\scrcons.exe

+ 2002-08-30 12:00:00 43,520 -c--a-w C:\WINDOWS\system32\dllcache\scrcons.exe

- 2002-08-30 12:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\scrnsave.scr

+ 2002-08-30 12:00:00 17,920 -c--a-w C:\WINDOWS\system32\dllcache\scrnsave.scr

- 2002-08-30 12:00:00 72,704 -c--a-w C:\WINDOWS\system32\dllcache\sdbinst.exe

+ 2002-08-30 12:00:00 82,432 -c--a-w C:\WINDOWS\system32\dllcache\sdbinst.exe

- 2002-08-30 12:00:00 101,888 -c--a-w C:\WINDOWS\system32\dllcache\services.exe

+ 2002-08-30 12:00:00 111,616 -c--a-w C:\WINDOWS\system32\dllcache\services.exe

- 2002-08-30 12:00:00 130,560 -c--a-w C:\WINDOWS\system32\dllcache\sessmgr.exe

+ 2002-08-30 12:00:00 140,288 -c--a-w C:\WINDOWS\system32\dllcache\sessmgr.exe

- 2002-08-30 12:00:00 30,208 -c--a-w C:\WINDOWS\system32\dllcache\sethc.exe

+ 2002-08-30 12:00:00 39,936 -c--a-w C:\WINDOWS\system32\dllcache\sethc.exe

- 2002-08-30 12:00:00 20,992 -c--a-w C:\WINDOWS\system32\dllcache\setup.exe

+ 2002-08-30 12:00:00 30,720 -c--a-w C:\WINDOWS\system32\dllcache\setup.exe

- 2002-12-17 13:40:14 753,664 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe

+ 2002-12-17 13:40:14 765,952 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe

- 2002-08-30 12:00:00 68,096 -c--a-w C:\WINDOWS\system32\dllcache\setup50.exe

+ 2002-08-30 12:00:00 77,824 -c--a-w C:\WINDOWS\system32\dllcache\setup50.exe

- 2002-08-30 12:00:00 10,240 -c--a-w C:\WINDOWS\system32\dllcache\sfc.exe

+ 2002-08-30 12:00:00 19,968 -c--a-w C:\WINDOWS\system32\dllcache\sfc.exe

- 2002-08-30 12:00:00 15,360 -c--a-w C:\WINDOWS\system32\dllcache\shadow.exe

+ 2002-08-30 12:00:00 25,088 -c--a-w C:\WINDOWS\system32\dllcache\shadow.exe

- 2003-05-11 19:13:52 33,792 -c--a-w C:\WINDOWS\system32\dllcache\shmgrate.exe

+ 2003-05-11 19:13:52 43,520 -c--a-w C:\WINDOWS\system32\dllcache\shmgrate.exe

- 2002-08-30 12:00:00 70,656 -c--a-w C:\WINDOWS\system32\dllcache\shrpubw.exe

+ 2002-08-30 12:00:00 80,384 -c--a-w C:\WINDOWS\system32\dllcache\shrpubw.exe

- 2002-05-14 10:08:54 16,437 ----a-w C:\WINDOWS\system32\dllcache\shtml.exe

+ 2002-05-14 10:08:54 28,725 ----a-w C:\WINDOWS\system32\dllcache\shtml.exe

- 2002-08-30 12:00:00 18,944 -c--a-w C:\WINDOWS\system32\dllcache\shutdown.exe

+ 2002-08-30 12:00:00 28,672 -c--a-w C:\WINDOWS\system32\dllcache\shutdown.exe

- 2002-08-30 12:00:00 42,573 -c--a-w C:\WINDOWS\system32\dllcache\shvlzm.exe

+ 2002-08-30 12:00:00 52,301 -c--a-w C:\WINDOWS\system32\dllcache\shvlzm.exe

- 2002-08-30 12:00:00 67,072 -c--a-w C:\WINDOWS\system32\dllcache\sigverif.exe

+ 2002-08-30 12:00:00 76,800 -c--a-w C:\WINDOWS\system32\dllcache\sigverif.exe

- 2002-08-30 12:00:00 24,064 -c--a-w C:\WINDOWS\system32\dllcache\skeys.exe

+ 2002-08-30 12:00:00 33,792 -c--a-w C:\WINDOWS\system32\dllcache\skeys.exe

- 2002-08-30 12:00:00 226,304 -c--a-w C:\WINDOWS\system32\dllcache\smi2smir.exe

+ 2002-08-30 12:00:00 236,032 -c--a-w C:\WINDOWS\system32\dllcache\smi2smir.exe

- 2002-08-30 12:00:00 86,528 -c--a-w C:\WINDOWS\system32\dllcache\smlogsvc.exe

+ 2002-08-30 12:00:00 96,256 -c--a-w C:\WINDOWS\system32\dllcache\smlogsvc.exe

- 2002-08-30 12:00:00 125,952 -c--a-w C:\WINDOWS\system32\dllcache\sndrec32.exe

+ 2002-08-30 12:00:00 135,680 -c--a-w C:\WINDOWS\system32\dllcache\sndrec32.exe

- 2002-08-30 12:00:00 139,264 -c--a-w C:\WINDOWS\system32\dllcache\sndvol32.exe

+ 2002-08-30 12:00:00 148,992 -c--a-w C:\WINDOWS\system32\dllcache\sndvol32.exe

- 2002-08-30 12:00:00 29,696 -c--a-w C:\WINDOWS\system32\dllcache\snmp.exe

+ 2002-08-30 12:00:00 39,424 -c--a-w C:\WINDOWS\system32\dllcache\snmp.exe

- 2002-08-30 12:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\snmptrap.exe

+ 2002-08-30 12:00:00 17,920 -c--a-w C:\WINDOWS\system32\dllcache\snmptrap.exe

- 2002-08-30 12:00:00 57,344 -c--a-w C:\WINDOWS\system32\dllcache\sol.exe

+ 2002-08-30 12:00:00 67,072 -c--a-w C:\WINDOWS\system32\dllcache\sol.exe

- 2002-08-30 12:00:00 25,088 -c--a-w C:\WINDOWS\system32\dllcache\sort.exe

+ 2002-08-30 12:00:00 34,816 -c--a-w C:\WINDOWS\system32\dllcache\sort.exe

- 2002-08-30 12:00:00 534,528 -c--a-w C:\WINDOWS\system32\dllcache\spider.exe

+ 2002-08-30 12:00:00 544,256 -c--a-w C:\WINDOWS\system32\dllcache\spider.exe

- 2005-06-10 23:55:46 53,248 -c--a-w C:\WINDOWS\system32\dllcache\spoolsv.exe

+ 2005-06-10 23:55:46 62,976 -c--a-w C:\WINDOWS\system32\dllcache\spoolsv.exe

- 2002-08-30 12:00:00 47,104 -c--a-w C:\WINDOWS\system32\dllcache\srdiag.exe

+ 2002-08-30 12:00:00 56,832 -c--a-w C:\WINDOWS\system32\dllcache\srdiag.exe

- 2002-08-30 12:00:00 671,744 -c--a-w C:\WINDOWS\system32\dllcache\ss3dfo.scr

+ 2002-08-30 12:00:00 684,032 -c--a-w C:\WINDOWS\system32\dllcache\ss3dfo.scr

- 2002-08-30 12:00:00 18,944 -c--a-w C:\WINDOWS\system32\dllcache\ssbezier.scr

+ 2002-08-30 12:00:00 28,672 -c--a-w C:\WINDOWS\system32\dllcache\ssbezier.scr

- 2002-08-30 12:00:00 364,544 -c--a-w C:\WINDOWS\system32\dllcache\ssflwbox.scr

+ 2002-08-30 12:00:00 376,832 -c--a-w C:\WINDOWS\system32\dllcache\ssflwbox.scr

- 2002-08-30 12:00:00 19,456 -c--a-w C:\WINDOWS\system32\dllcache\ssmarque.scr

+ 2002-08-30 12:00:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\ssmarque.scr

- 2002-08-30 12:00:00 43,008 -c--a-w C:\WINDOWS\system32\dllcache\ssmypics.scr

+ 2002-08-30 12:00:00 52,736 -c--a-w C:\WINDOWS\system32\dllcache\ssmypics.scr

- 2002-08-30 12:00:00 17,408 -c--a-w C:\WINDOWS\system32\dllcache\ssmyst.scr

+ 2002-08-30 12:00:00 27,136 -c--a-w C:\WINDOWS\system32\dllcache\ssmyst.scr

- 2002-08-30 12:00:00 569,344 -c--a-w C:\WINDOWS\system32\dllcache\sspipes.scr

+ 2002-08-30 12:00:00 581,632 -c--a-w C:\WINDOWS\system32\dllcache\sspipes.scr

- 2002-08-30 12:00:00 13,312 -c--a-w C:\WINDOWS\system32\dllcache\ssstars.scr

+ 2002-08-30 12:00:00 23,040 -c--a-w C:\WINDOWS\system32\dllcache\ssstars.scr

- 2002-08-30 12:00:00 643,072 -c--a-w C:\WINDOWS\system32\dllcache\sstext3d.scr

+ 2002-08-30 12:00:00 655,360 -c--a-w C:\WINDOWS\system32\dllcache\sstext3d.scr

- 2002-08-30 12:00:00 20,992 -c--a-w C:\WINDOWS\system32\dllcache\stimon.exe

+ 2002-08-30 12:00:00 30,720 -c--a-w C:\WINDOWS\system32\dllcache\stimon.exe

- 2002-08-30 12:00:00 9,216 -c--a-w C:\WINDOWS\system32\dllcache\subst.exe

+ 2002-08-30 12:00:00 18,944 -c--a-w C:\WINDOWS\system32\dllcache\subst.exe

- 2002-08-30 12:00:00 51,200 -c--a-w C:\WINDOWS\system32\dllcache\syncapp.exe

+ 2002-08-30 12:00:00 60,928 -c--a-w C:\WINDOWS\system32\dllcache\syncapp.exe

- 2002-08-30 12:00:00 37,888 -c--a-w C:\WINDOWS\system32\dllcache\syskey.exe

+ 2002-08-30 12:00:00 47,616 -c--a-w C:\WINDOWS\system32\dllcache\syskey.exe

- 2002-08-30 12:00:00 104,960 -c--a-w C:\WINDOWS\system32\dllcache\sysocmgr.exe

+ 2002-08-30 12:00:00 114,688 -c--a-w C:\WINDOWS\system32\dllcache\sysocmgr.exe

- 2002-08-30 12:00:00 3,072 -c--a-w C:\WINDOWS\system32\dllcache\systray.exe

+ 2002-08-30 12:00:00 12,800 -c--a-w C:\WINDOWS\system32\dllcache\systray.exe

- 2002-08-30 12:00:00 15,872 -c--a-w C:\WINDOWS\system32\dllcache\taskman.exe

+ 2002-08-30 12:00:00 25,600 -c--a-w C:\WINDOWS\system32\dllcache\taskman.exe

- 2002-08-30 12:00:00 136,192 -c--a-w C:\WINDOWS\system32\dllcache\taskmgr.exe

+ 2002-08-30 12:00:00 145,920 -c--a-w C:\WINDOWS\system32\dllcache\taskmgr.exe

- 2002-08-30 12:00:00 13,312 -c--a-w C:\WINDOWS\system32\dllcache\tcmsetup.exe

+ 2002-08-30 12:00:00 23,040 -c--a-w C:\WINDOWS\system32\dllcache\tcmsetup.exe

- 2002-08-30 12:00:00 19,456 -c--a-w C:\WINDOWS\system32\dllcache\tcpsvcs.exe

+ 2002-08-30 12:00:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\tcpsvcs.exe

- 2002-05-14 10:08:54 32,827 ----a-w C:\WINDOWS\system32\dllcache\tcptest.exe

+ 2002-05-14 10:08:54 45,115 ----a-w C:\WINDOWS\system32\dllcache\tcptest.exe

- 2005-05-11 02:42:13 74,752 -c--a-w C:\WINDOWS\system32\dllcache\telnet.exe

+ 2005-05-11 02:42:13 84,480 -c--a-w C:\WINDOWS\system32\dllcache\telnet.exe

- 2002-08-30 12:00:00 17,920 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe

+ 2002-08-30 12:00:00 27,648 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe

- 2002-08-30 12:00:00 346,624 -c--a-w C:\WINDOWS\system32\dllcache\tourstrt.exe

+ 2002-08-30 12:00:00 356,352 -c--a-w C:\WINDOWS\system32\dllcache\tourstrt.exe

- 2002-08-30 12:00:00 11,776 -c--a-w C:\WINDOWS\system32\dllcache\tracert.exe

+ 2002-08-30 12:00:00 21,504 -c--a-w C:\WINDOWS\system32\dllcache\tracert.exe

- 2002-08-30 12:00:00 32,256 -c--a-w C:\WINDOWS\system32\dllcache\tracert6.exe

+ 2002-08-30 12:00:00 41,984 -c--a-w C:\WINDOWS\system32\dllcache\tracert6.exe

- 2002-08-30 12:00:00 15,360 -c--a-w C:\WINDOWS\system32\dllcache\tscon.exe

+ 2002-08-30 12:00:00 25,088 -c--a-w C:\WINDOWS\system32\dllcache\tscon.exe

- 2002-08-30 12:00:00 40,960 -c--a-w C:\WINDOWS\system32\dllcache\tscupgrd.exe

+ 2002-08-30 12:00:00 50,688 -c--a-w C:\WINDOWS\system32\dllcache\tscupgrd.exe

- 2002-08-30 12:00:00 14,848 -c--a-w C:\WINDOWS\system32\dllcache\tsdiscon.exe

+ 2002-08-30 12:00:00 24,576 -c--a-w C:\WINDOWS\system32\dllcache\tsdiscon.exe

- 2002-08-30 12:00:00 16,896 -c--a-w C:\WINDOWS\system32\dllcache\tskill.exe

+ 2002-08-30 12:00:00 26,624 -c--a-w C:\WINDOWS\system32\dllcache\tskill.exe

- 2002-08-30 12:00:00 17,408 -c--a-w C:\WINDOWS\system32\dllcache\tsshutdn.exe

+ 2002-08-30 12:00:00 27,136 -c--a-w C:\WINDOWS\system32\dllcache\tsshutdn.exe

- 2002-08-30 12:00:00 25,600 -c--a-w C:\WINDOWS\system32\dllcache\twunk_32.exe

+ 2002-08-30 12:00:00 35,328 -c--a-w C:\WINDOWS\system32\dllcache\twunk_32.exe

- 2002-08-30 12:00:00 4,096 -c--a-w C:\WINDOWS\system32\dllcache\unlodctr.exe

+ 2002-08-30 12:00:00 13,824 -c--a-w C:\WINDOWS\system32\dllcache\unlodctr.exe

- 2002-12-14 15:41:18 192,512 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe

+ 2002-12-14 15:41:18 204,800 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe

- 2002-08-30 12:00:00 16,896 -c--a-w C:\WINDOWS\system32\dllcache\unsecapp.exe

+ 2002-08-30 12:00:00 26,624 -c--a-w C:\WINDOWS\system32\dllcache\unsecapp.exe

- 2002-08-30 12:00:00 139,264 -c--a-w C:\WINDOWS\system32\dllcache\uploadm.exe

+ 2002-08-30 12:00:00 148,992 -c--a-w C:\WINDOWS\system32\dllcache\uploadm.exe

- 2002-08-30 12:00:00 14,848 -c--a-w C:\WINDOWS\system32\dllcache\upnpcont.exe

+ 2002-08-30 12:00:00 24,576 -c--a-w C:\WINDOWS\system32\dllcache\upnpcont.exe

- 2002-08-30 12:00:00 16,384 -c--a-w C:\WINDOWS\system32\dllcache\ups.exe

+ 2002-08-30 12:00:00 26,112 -c--a-w C:\WINDOWS\system32\dllcache\ups.exe

- 2002-08-30 12:00:00 47,616 -c--a-w C:\WINDOWS\system32\dllcache\utilman.exe

+ 2002-08-30 12:00:00 57,344 -c--a-w C:\WINDOWS\system32\dllcache\utilman.exe

- 2002-08-30 12:00:00 102,912 -c--a-w C:\WINDOWS\system32\dllcache\verifier.exe

+ 2002-08-30 12:00:00 112,640 -c--a-w C:\WINDOWS\system32\dllcache\verifier.exe

- 2002-08-30 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\vssadmin.exe

+ 2002-08-30 12:00:00 44,032 -c--a-w C:\WINDOWS\system32\dllcache\vssadmin.exe

- 2002-08-30 12:00:00 281,088 -c--a-w C:\WINDOWS\system32\dllcache\vssvc.exe

+ 2002-08-30 12:00:00 290,816 -c--a-w C:\WINDOWS\system32\dllcache\vssvc.exe

- 2002-08-30 12:00:00 51,712 -c--a-w C:\WINDOWS\system32\dllcache\w32tm.exe

+ 2002-08-30 12:00:00 61,440 -c--a-w C:\WINDOWS\system32\dllcache\w32tm.exe

- 2002-10-23 14:51:20 43,008 ----a-w C:\WINDOWS\system32\dllcache\WAB.EXE

+ 2002-10-23 14:51:20 52,736 ----a-w C:\WINDOWS\system32\dllcache\WAB.EXE

- 2002-10-23 14:44:46 27,648 ----a-w C:\WINDOWS\system32\dllcache\WABMIG.EXE

+ 2002-10-23 14:44:46 37,376 ----a-w C:\WINDOWS\system32\dllcache\WABMIG.EXE

- 2002-08-30 12:00:00 12,288 -c--a-w C:\WINDOWS\system32\dllcache\wb32.exe

+ 2002-08-30 12:00:00 24,576 -c--a-w C:\WINDOWS\system32\dllcache\wb32.exe

- 2002-08-30 12:00:00 161,280 -c--a-w C:\WINDOWS\system32\dllcache\wbemtest.exe

+ 2002-08-30 12:00:00 171,008 -c--a-w C:\WINDOWS\system32\dllcache\wbemtest.exe

- 2002-08-30 12:00:00 61,952 -c--a-w C:\WINDOWS\system32\dllcache\wextract.exe

+ 2002-08-30 12:00:00 71,680 -c--a-w C:\WINDOWS\system32\dllcache\wextract.exe

- 2002-08-30 12:00:00 419,840 -c--a-w C:\WINDOWS\system32\dllcache\wiaacmgr.exe

+ 2002-08-30 12:00:00 429,568 -c--a-w C:\WINDOWS\system32\dllcache\wiaacmgr.exe

- 2002-08-30 12:00:00 271,360 -c--a-w C:\WINDOWS\system32\dllcache\winhlp32.exe

+ 2002-08-30 12:00:00 281,088 -c--a-w C:\WINDOWS\system32\dllcache\winhlp32.exe

- 2002-08-30 12:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\winhstb.exe

+ 2002-08-30 12:00:00 17,920 -c--a-w C:\WINDOWS\system32\dllcache\winhstb.exe

- 2002-08-30 12:00:00 119,808 -c--a-w C:\WINDOWS\system32\dllcache\winmine.exe

+ 2002-08-30 12:00:00 129,536 -c--a-w C:\WINDOWS\system32\dllcache\winmine.exe

- 2002-08-30 12:00:00 11,776 -c--a-w C:\WINDOWS\system32\dllcache\winmsd.exe

+ 2002-08-30 12:00:00 21,504 -c--a-w C:\WINDOWS\system32\dllcache\winmsd.exe

- 2002-08-30 12:00:00 4,096 -c--a-w C:\WINDOWS\system32\dllcache\winver.exe

+ 2002-08-30 12:00:00 13,824 -c--a-w C:\WINDOWS\system32\dllcache\winver.exe

- 2002-08-30 12:00:00 183,808 -c--a-w C:\WINDOWS\system32\dllcache\wmiadap.exe

+ 2002-08-30 12:00:00 193,536 -c--a-w C:\WINDOWS\system32\dllcache\wmiadap.exe

- 2002-08-30 12:00:00 117,248 -c--a-w C:\WINDOWS\system32\dllcache\wmiapsrv.exe

+ 2002-08-30 12:00:00 126,976 -c--a-w C:\WINDOWS\system32\dllcache\wmiapsrv.exe

- 2002-08-30 12:00:00 203,776 -c--a-w C:\WINDOWS\system32\dllcache\wmiprvse.exe

+ 2002-08-30 12:00:00 213,504 -c--a-w C:\WINDOWS\system32\dllcache\wmiprvse.exe

- 2002-12-14 15:41:18 73,728 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe

+ 2002-12-14 15:41:18 86,016 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe

- 2002-08-30 12:00:00 204,288 ----a-w C:\WINDOWS\system32\dllcache\wordpad.exe

+ 2002-08-30 12:00:00 214,016 ----a-w C:\WINDOWS\system32\dllcache\wordpad.exe

- 2002-08-30 12:00:00 31,232 -c--a-w C:\WINDOWS\system32\dllcache\wpabaln.exe

+ 2002-08-30 12:00:00 40,960 -c--a-w C:\WINDOWS\system32\dllcache\wpabaln.exe

- 2002-08-30 12:00:00 29,696 -c--a-w C:\WINDOWS\system32\dllcache\wpnpinst.exe

+ 2002-08-30 12:00:00 39,424 -c--a-w C:\WINDOWS\system32\dllcache\wpnpinst.exe

- 2002-08-30 12:00:00 118,834 -c--a-w C:\WINDOWS\system32\dllcache\wscript.exe

+ 2002-08-30 12:00:00 131,122 -c--a-w C:\WINDOWS\system32\dllcache\wscript.exe

- 2002-08-30 12:00:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\xcopy.exe

+ 2002-08-30 12:00:00 37,888 -c--a-w C:\WINDOWS\system32\dllcache\xcopy.exe

- 2002-08-30 12:00:00 220,672 ----a-w C:\WINDOWS\system32\logon.scr

+ 2002-08-30 12:00:00 230,400 ----a-w C:\WINDOWS\system32\logon.scr

- 2002-08-30 12:00:00 13,824 ----a-w C:\WINDOWS\system32\npp\nppagent.exe

+ 2002-08-30 12:00:00 23,552 ----a-w C:\WINDOWS\system32\npp\nppagent.exe

- 2002-08-30 12:00:00 50,176 ----a-w C:\WINDOWS\system32\oobe\oobebaln.exe

+ 2002-08-30 12:00:00 59,904 ----a-w C:\WINDOWS\system32\oobe\oobebaln.exe

- 2002-08-30 12:00:00 8,192 ----a-w C:\WINDOWS\system32\scrnsave.scr

+ 2002-08-30 12:00:00 17,920 ----a-w C:\WINDOWS\system32\scrnsave.scr

- 2002-08-30 12:00:00 671,744 ----a-w C:\WINDOWS\system32\ss3dfo.scr

+ 2002-08-30 12:00:00 684,032 ----a-w C:\WINDOWS\system32\ss3dfo.scr

- 2002-08-30 12:00:00 18,944 ----a-w C:\WINDOWS\system32\ssbezier.scr

+ 2002-08-30 12:00:00 28,672 ----a-w C:\WINDOWS\system32\ssbezier.scr

- 2002-08-30 12:00:00 364,544 ----a-w C:\WINDOWS\system32\ssflwbox.scr

+ 2002-08-30 12:00:00 376,832 ----a-w C:\WINDOWS\system32\ssflwbox.scr

- 2002-08-30 12:00:00 19,456 ----a-w C:\WINDOWS\system32\ssmarque.scr

+ 2002-08-30 12:00:00 29,184 ----a-w C:\WINDOWS\system32\ssmarque.scr

- 2002-08-30 12:00:00 43,008 ----a-w C:\WINDOWS\system32\ssmypics.scr

+ 2002-08-30 12:00:00 52,736 ----a-w C:\WINDOWS\system32\ssmypics.scr

- 2002-08-30 12:00:00 17,408 ----a-w C:\WINDOWS\system32\ssmyst.scr

+ 2002-08-30 12:00:00 27,136 ----a-w C:\WINDOWS\system32\ssmyst.scr

- 2002-08-30 12:00:00 569,344 ----a-w C:\WINDOWS\system32\sspipes.scr

+ 2002-08-30 12:00:00 581,632 ----a-w C:\WINDOWS\system32\sspipes.scr

- 2002-08-30 12:00:00 13,312 ----a-w C:\WINDOWS\system32\ssstars.scr

+ 2002-08-30 12:00:00 23,040 ----a-w C:\WINDOWS\system32\ssstars.scr

- 2002-08-30 12:00:00 643,072 ----a-w C:\WINDOWS\system32\sstext3d.scr

+ 2002-08-30 12:00:00 655,360 ----a-w C:\WINDOWS\system32\sstext3d.scr

- 2002-08-30 12:00:00 99,328 ----a-w C:\WINDOWS\system32\usmt\migload.exe

+ 2002-08-30 12:00:00 109,056 ----a-w C:\WINDOWS\system32\usmt\migload.exe

- 2002-08-30 12:00:00 233,472 ----a-w C:\WINDOWS\system32\usmt\migwiz_a.exe

+ 2002-08-30 12:00:00 243,200 ----a-w C:\WINDOWS\system32\usmt\migwiz_a.exe

- 2002-08-30 12:00:00 15,872 ----a-w C:\WINDOWS\system32\wbem\mofcomp.exe

+ 2002-08-30 12:00:00 25,600 ----a-w C:\WINDOWS\system32\wbem\mofcomp.exe

- 2002-08-30 12:00:00 33,792 ----a-w C:\WINDOWS\system32\wbem\scrcons.exe

+ 2002-08-30 12:00:00 43,520 ----a-w C:\WINDOWS\system32\wbem\scrcons.exe

- 2002-08-30 12:00:00 161,280 ----a-w C:\WINDOWS\system32\wbem\wbemtest.exe

+ 2002-08-30 12:00:00 171,008 ----a-w C:\WINDOWS\system32\wbem\wbemtest.exe

- 2002-08-30 12:00:00 183,808 ----a-w C:\WINDOWS\system32\wbem\wmiadap.exe

+ 2002-08-30 12:00:00 193,536 ----a-w C:\WINDOWS\system32\wbem\wmiadap.exe

- 2002-08-30 12:00:00 203,776 ----a-w C:\WINDOWS\system32\wbem\wmiprvse.exe

+ 2002-08-30 12:00:00 213,504 ----a-w C:\WINDOWS\system32\wbem\wmiprvse.exe

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-30 14:00 23040]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PCTVOICE"="pctspk.exe" [2002-03-10 15:29 176128 C:\WINDOWS\system32\pctspk.exe]

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-06-14 23:32 139264]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-06-14 23:32 557056]

"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 167936]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-11 11:37 262184]

"runner1"="C:\WINDOWS\mrofinu1001186.exe" [2008-04-12 20:24 38400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-30 14:00 23040]

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]

R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]

R3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\System32\DRIVERS\fbxusb.sys [2003-12-31 12:35]

S2 Microsoft Windows TCP Protocol;Microsoft Windows TCP Protocol;"C:\WINDOWS\System32\dllcache\wintcps.exe" []

S2 R54G Wireless Service;R54G Wireless Service;C:\Program Files\Wireless 802.11g Monitor\WLService.exe []

S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-10-16 11:13]

S3 Ip6FwHlp;Pare-feu de connexion Internet IPv6;C:\WINDOWS\System32\svchost.exe [2002-08-30 14:00]

S3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;C:\WINDOWS\System32\DRIVERS\MRVW225.sys [2007-05-11 16:36]

S3 rt2571;Wireless 802.11g USB Adapter Driver;C:\WINDOWS\System32\DRIVERS\rt2571.sys [2004-05-07 14:47]

.

**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-12 20:23:15

Windows 5.1.2600 Service Pack 1 NTFS

detected NTDLL code modification:

ZwOpenFile

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs

Les fichiers cach‚s: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\PIXELA\ImageMixer for HDD Camcorder\IMx3Launcher.exe

C:\WINDOWS\TEMP\DIL5.tmp

C:\WINDOWS\mrofinu1001186.exexe

C:\WINDOWS\system32\imapi.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-04-12 20:27:58 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-12 18:27:47

ComboFix2.txt 2008-04-12 15:27:24

ComboFix3.txt 2008-04-12 10:59:21

Pre-Run: 8,219,869,184 octets libres

Post-Run: 8,558,411,776 octets libres

.

2008-04-10 13:46:35 --- E O F ---

et le rapport HJT :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:31:49, on 12/04/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\pctspk.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\PIXELA\ImageMixer for HDD Camcorder\IMx3Launcher.exe

C:\WINDOWS\17PHolmes1001186.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Moniteur WiFi OLITEC.exe.lnk = ?

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207829131775

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Microsoft Windows TCP Protocol - Unknown owner - C:\WINDOWS\System32\dllcache\wintcps.exe (file missing)

O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe (file missing)

--

End of file - 4822 bytes

Connexion

Pas encore inscrit ?

[Résolu] Mon ordinateur est infecté

Messages recommandés

oGu

dydeline

oGu

dydeline

dydeline

oGu

dydeline

dydeline

oGu

dydeline

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer