Virus still present despite a full format
cycy_
Hello,
I was on Vista and I had to format my PC completely. Despite several scans and quarantining the infected files, the viruses kept coming back. Strangely, it wasn't my antivirus that detected them but Vista itself.
A friend of mine formatted my PC and installed Windows Seven; everything seemed perfect, but all of a sudden Seven started showing me the same error messages Vista did, with the same virus names.
How is that possible given that we formatted everything? Is there a solution?
Thanks for your help
C.
64 replies
http://www.cijoint.fr/cjlink.php?file=cj201106/cijm4r40rg.txt
http://www.cijoint.fr/cjlink.php?file=cj201106/cijSWJxiX6.txt
and here are the two docs
you didn't follow the config exactly
delete all those Flash Player installers and the like, then redo OTL without leaving anything out
what do you mean by "delete all the Flash Player installers"?
And I did follow the config, I ticked everything everywhere and matched everything they had ticked, so I don't understand
hmm, then you didn't post the whole report
on your desktop you have things like install_Flash_Player etc.; get rid of all of them
ok, I have to run now but I'll do it tomorrow, I think I have the whole day to deal with it
thanks again for your help
hi!
I redid the reports after deleting the Flash installers and following the instructions.
http://www.cijoint.fr/cjlink.php?file=cj201106/cijnzlVMeB.txt
http://www.cijoint.fr/cjlink.php?file=cj201106/cijzFXar5a.txt
WARNING!!! Custom script for this machine only, do not reuse!!
if you have XP => double-click
if you have Vista or Windows 7 => right-click, "run as...."
on OTL.exe to launch it.
▶ Copy the list shown in bold below,
▶ paste it into the box under "Personnalisation" (customization):
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"SunJavaUpdateSched"=-
:Files
C:\Users\Cyrielle\AppData\Local\{*}
C:\f7bd63d638a1153c3ee18dc84efa8de3
C:\Users\Cyrielle\Desktop\Reload_Tds*.exe
C:\Windows\tøS
:commands
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[reboot]
▶ Click "Correction" (fix) to start the removal.
▶ Post the report, which should open by itself at the end of the job after the reboot.
here is the report:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
Process msnmsgr.exe killed successfully!
No active process named Teatimer.exe was found!
========== OTL ==========
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
========== FILES ==========
C:\Users\Cyrielle\AppData\Local\{00F9A805-F9B1-4E98-BD4D-6D3895890220} folder moved successfully.
C:\Users\Cyrielle\AppData\Local\{0666BD9C-A781-4BD4-87AC-0EAE012E0F5F} folder moved successfully.
C:\Users\Cyrielle\AppData\Local\{070EEAB5-77CC-4051-9EAC-A08834AD74C1} folder moved successfully.
C:\Users\Cyrielle\AppData\Local\{8043916B-2EE7-4F69-8334-678AA5AC1449} folder moved successfully.
C:\Users\Cyrielle\AppData\Local\{A2B4DC9C-7824-478C-B034-C31F41F6184A} folder moved successfully.
C:\Users\Cyrielle\AppData\Local\{B347C2D6-C1C1-4AF4-B4D5-083E4758F9D6} folder moved successfully.
C:\f7bd63d638a1153c3ee18dc84efa8de3 folder moved successfully.
C:\Users\Cyrielle\Desktop\Reload_Tdsskiller(1).exe moved successfully.
C:\Users\Cyrielle\Desktop\Reload_Tdsskiller(2).exe moved successfully.
C:\Users\Cyrielle\Desktop\Reload_Tdsskiller(3).exe moved successfully.
C:\Users\Cyrielle\Desktop\Reload_Tdsskiller(4).exe moved successfully.
C:\Users\Cyrielle\Desktop\Reload_Tdsskiller.exe moved successfully.
C:\Windows\tøS moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Cyrielle
->Temp folder emptied: 25636509 bytes
->Temporary Internet Files folder emptied: 84420615 bytes
->Java cache emptied: 350041 bytes
->FireFox cache emptied: 45027076 bytes
->Google Chrome cache emptied: 6421082 bytes
->Flash cache emptied: 834 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11807452 bytes
RecycleBin emptied: 30852784 bytes
Total Files Cleaned = 195,00 mb
OTL by OldTimer - Version 3.2.24.0 log created on 06152011_134055
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
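Added example (not part of the original thread and not OTL's own code): a small Python parser for the fix-log format shown in the report above, which tallies the outcome of each action and lists anything that failed or was deferred to reboot. The rule patterns are inferred only from the lines visible in this report; the function names and the `unknown_failure` fallback are assumptions of this example.

```python
import re
from collections import Counter

# Excerpt of the OTL fix log posted above (lines copied from that report).
SAMPLE_LOG = r"""All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
Process msnmsgr.exe killed successfully!
========== OTL ==========
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
========== FILES ==========
C:\f7bd63d638a1153c3ee18dc84efa8de3 folder moved successfully.
C:\Users\Cyrielle\Desktop\Reload_Tdsskiller.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
Total Files Cleaned = 195,00 mb
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
"""

# "========== FILES ==========" style headers and the "... on Reboot..." trailers.
SECTION_RE = re.compile(r"^=+\s*(?P<name>[A-Z ]+?)\s*=+$")
TRAILER_RE = re.compile(r"^(?P<name>.+ on Reboot)\.\.\.$")

# Ordered rules, first match wins. Inferred from the report above (assumption:
# other OTL versions may word these lines differently).
RULES = [
    ("deferred", re.compile(
        r"^File move failed\. (?P<t>.+?) scheduled to be moved on reboot\.$")),
    ("killed", re.compile(r"^Process (?P<t>.+?) killed successfully!$")),
    ("not_running", re.compile(r"^No active process named (?P<t>.+?) was found!$")),
    ("deleted", re.compile(
        r"^Registry (?:key|value) (?P<t>.+?) deleted successfully\.$")),
    ("not_found", re.compile(r"^Registry (?:key|value) (?P<t>.+?) not found\.$")),
    ("moved", re.compile(r"^(?P<t>.+?)(?: folder)? moved successfully\.$")),
]


def parse_fix_log(text):
    """Return one dict per recognised action: section, status, target."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line) or TRAILER_RE.match(line)
        if header:
            section = header.group("name")
            continue
        for status, pattern in RULES:
            match = pattern.match(line)
            if match:
                entries.append({"section": section, "status": status,
                                "target": match.group("t")})
                break
        else:
            # Never silently drop a line that looks like a failure.
            if re.search(r"fail|error", line, re.IGNORECASE):
                entries.append({"section": section,
                                "status": "unknown_failure", "target": line})
    return entries


def summarize(entries):
    """Count how many actions ended in each status."""
    return Counter(entry["status"] for entry in entries)


def follow_up(entries):
    """Actions that did not complete in this run and should be re-checked."""
    return [e for e in entries if e["status"] in ("deferred", "unknown_failure")]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for status, count in sorted(summarize(parsed).items()):
        print(f"{status:12} {count}")
    for entry in follow_up(parsed):
        print("re-check after reboot:", entry["target"])
```
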
the message no longer seems to show up, but it's strange.
I just want to be sure I don't have any virus. Because when I saw the same message on 7 as on Vista it freaked me out.
Were you able to see anything on your end?
close all windows and applications during installation and scanning.
▶ Download here:
Malwarebytes
▶ Install it (make sure to choose "francais" (French); do not change the installation settings) and update it.
(NB: if you get an error message saying that "COMCTL32.OCX" is missing during installation, then download it here: COMCTL32.OCX)
▶ Study the tutorial to get familiar with the program:
(that said, it is very easy to use).
run Malwarebytes again, following these instructions scrupulously:
! Disconnect and close all running applications!
▶ Launch Malwarebytes.
Run a scan of the "Complet" (full) type.
▶ Let the program work (and do nothing else with the PC during the scan).
▶ at the end, click "résultat" (results).
▶ Check that all the infected items are ticked, then click "suppression" (removal).
▶ Note: if your PC needs to be restarted to finish the cleanup, do it!
▶ Post the report saved after the infected items were removed (in the "rapport/log" tab of Malwarebytes, the most recent one)
I ran the scan, apparently no virus as you can see below.
if everything is fine, do you understand why I got that message from Seven? exactly the same one I had on Vista before formatting?
I noticed that these messages first appeared (on both Vista and Seven) when I was on a streaming site. Do you think that's related?
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Version de la base de données: 6861
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
15/06/2011 15:27:53
mbam-log-2011-06-15 (15-27-53).txt
Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 241365
Temps écoulé: 33 minute(s), 34 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
yes, it's related: streaming pages are tampered with, and invisible code is added to the pages by pros who know the flaws in the source code of web pages.
meaning? sorry, I didn't quite follow?
virus or no virus? why did Vista and 7 show me the same messages?
but in the end, do I have a virus or was it just a kind of "joke"?
Because I've been on these sites for several years and never had a problem?
Sorry for all these questions, I just want to understand ^^
I don't think so
redo zhpdiag
a bit of reading too:
https://forum.malekal.com/viewtopic.php?t=589&start=
super interesting article, so basically it was a fake to get me to buy the Windows antivirus?? But Windows can't do that???! can it?
Well, it was a Windows window that kept opening, and when I wanted to delete, it wanted me to buy the paid version of the Windows antivirus, so what's the point of doing that? sorry if I'm insisting, I just want to understand, it interests me
otherwise here is the zhp diag report: virus or not then?
Rapport de ZHPDiag v1.27.2301 par Nicolas Coolman, Update du 13/06/2011
Run by Cyrielle at 15/06/2011 16:25:51
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 4.0.1 v4.0.1 (Defaut)
GCIE: Google Chrome v12.0.742.100
---\\ System Information
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3071 MB (54% free)
System Restore: Activé (Enable)
System drive C: has 276 GB (92%) free of 298 GB
---\\ Logged in mode
Computer Name: CYRIELLE-PC
User Name: Cyrielle
All Users Names: Guest, Cyrielle, Administrator,
Unselected Option: None
Logged in as Administrator
---\\ Environnement Variables
%AppData%=C:\Users\Cyrielle\AppData\Roaming
%LocalAppData%=C:\Users\Cyrielle\AppData\Local
%StartMenu%=C:\Users\Cyrielle\AppData\Roaming\Microsoft\Windows\Start Menu
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 276 Go of 298 Go)
D:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
---\\ Search Generic System Files
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 05:33:07.) -- C:\Windows\Explorer.exe [2614784]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 01:14:45.) -- C:\Windows\system32\Wininit.exe [96256]
[MD5.214605C48AE416BC067C39D227CFCC57] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.24/02/2011 05:32:44.) -- C:\Windows\system32\wininet.dll [981504]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.28/10/2009 06:17:59.) -- C:\Windows\system32\Winlogon.exe [285696]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 01:26:15.) -- C:\Windows\system32\drivers\atapi.sys [21584]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 01:20:44.) -- C:\Windows\system32\drivers\ntfs.sys [1210432]
---\\ Processi correnti
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- C:\Windows\System32\rundll32.exe [44544]
[MD5.D378BFFB70923139D6A4F546864AA61C] - (.Microsoft Corporation - Bloc-notes.) -- C:\Windows\notepad.exe [179712]
[MD5.4C6898F15701AE7C41775C14E423FE25] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3459712]
[MD5.B0DA80FF42A0819D162A86612896AAF2] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [47104]
[MD5.2487C45B64790FC210547919F18FAC71] - (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [1047656]
[MD5.F06CA6475B7A538DB9DC3F7B896B97E4] - (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [449584]
[MD5.D378BFFB70923139D6A4F546864AA61C] - (.Microsoft Corporation - Bloc-notes.) -- C:\Windows\system32\NOTEPAD.EXE [179712]
[MD5.E83508D9A0F0D0D8449317DC6A4C5E02] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632]
[MD5.3B2CC09944488DB5ED5DFDC315C9AB57] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856]
[MD5.392C346D281BD5309CCE9C31B08D37A9] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [658432]
---\\ Mozilla Firefox, Plugins,Avviamento,Ricerca,Estensione (P2,M0,M1,M2,M3)
C:\Users\Cyrielle\AppData\Roaming\Mozilla\Firefox\Profiles\jmh1635h.default\prefs.js
M3 - MFPP: Plugins - [Cyrielle] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [Cyrielle] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [Cyrielle] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [Cyrielle] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [Cyrielle] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [Cyrielle] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [Cyrielle] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Unknown owner - No comment.) -- C:\Windows\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_22 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60310.0.) -- c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3508.1109] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
M0 - MFSP: prefs.js [Cyrielle - jmh1635h.default] WWW.GOOGLE.FR
---\\ Google Chrome, Avviamento,Ricerca,Estensione (G0,G1,G3)
C:\Users\Cyrielle\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
G2 - GCE: Preference [User Data\Default] [icmlaeflemplmjndnaapfdbbnpncnbda] avast! WebRep v.6.0.1125 (Activé)
---\\ Internet Explorer, Avviamento,Ricerca,Estensione (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R0 - HKUS\S-1-5-21-2135916146-3893334040-3250946710-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKUS\S-1-5-21-2135916146-3893334040-3250946710-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (8.00.7600.16385 (win7_rtm.090713-1255)) -- C:\Windows\System32\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
---\\ ---\\ Changed inifile Value, Mapped to Registry (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe
---\\ Browser Helper Objects (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
---\\ ---\\ Auto loading programs from Registry (O4)
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-2135916146-3893334040-3250946710-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-2135916146-3893334040-3250946710-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
---\\ ---\\ Other User Links (O4)
O4 - Global Startup: C:\Users\Cyrielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Cyrielle\Desktop\Computer - Shortcut.lnk - Orphean Key
O4 - Global Startup: C:\Users\Cyrielle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk . (.Google Inc..) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - Global Startup: C:\Users\Cyrielle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBro
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F0915E2-40B7-47D7-8B66-759997250B2F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F0915E2-40B7-47D7-8B66-759997250B2F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{3F0915E2-40B7-47D7-8B66-759997250B2F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F0915E2-40B7-47D7-8B66-759997250B2F}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F0915E2-40B7-47D7-8B66-759997250B2F}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{3F0915E2-40B7-47D7-8B66-759997250B2F}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
---\\ Extra protocols and protocol Hijackers (O18)
O18 - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: C:\Windows\system32\Alg.exe (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\system32\atiesrxx.exe
O23 - Service: (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: C:\Windows\system32\drivers\luafv.sys (MBAMService) . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: (wlidsvc) . (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.exe
---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
---\\ Compiti progettati in automazione (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.0EA8C1256AA9F68287CD8F06EB527238] [APT] [{567C4356-2387-4AF6-905C-5D6BDE6F905B}] (.Skype Technologies S.A..) -- C:\Program Files\Skype\Phone\Skype.exe
---\\ Drivers lanciati all'avviamento (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\System32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys
---\\ Softwares installati (O42)
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 9.4.0 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A94000000001}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM] -- {488F0347-C4A7-4374-91A7-30818BEDA710}
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Java(TM) 6 Update 22 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216022FF}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.0.1200 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Mozilla Firefox 4.0.1 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 4.0.1 (x86 fr)
O42 - Logiciel: OpenOffice.org 3.3 - (.OpenOffice.org.) [HKLM] -- {05653DE1-6567-40C6-B930-39D399B64369}
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708
O42 - Logiciel: Skype Toolbars - (.Skype Technologies S.A..) [HKLM] -- {B6CF2967-C81E-40C0-9815-C05774FEF120}
O42 - Logiciel: Skype(TM) 5.3 - (.Skype Technologies S.A..) [HKLM] -- {5335DADB-34BA-4AE8-A519-648D78498846}
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066}
O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {61AD15B2-50DB-4686-A739-14FE180D4429}
O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM] -- {0B0F231F-CE6A-483D-AA23-77B364F75917}
O42 - Logiciel: Windows Live MIME IFilter - (.Microsoft Corporation.) [HKLM] -- {AF844339-2F8A-4593-81B3-9F4C54038C4E}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {9D56775A-93F3-44A3-8092-840E3826DE30}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {9FAE6E8D-E686-49F5-A574-0A58DFD9580C}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {6057E21C-ABE9-4059-AE3E-3BEB9925E660}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {EB4DF488-AAEF-406F-A341-CB2AAA315B90}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM] -- {6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM] -- {92EA4134-10D1-418A-91E1-5A0453131A38}
O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM] -- {83C292B7-38A5-440B-A731-07070E81A64F}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {C893D8C0-1BA0-4517-B11C-E89B65E72F70}
O42 - Logiciel: Windows Live Photo Gallery - (.Microsoft Corporation.) [HKLM] -- {3336F667-9049-4D46-98B6-4C743EEBC5B1}
O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4}
O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F}
O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM] -- {05E379CC-F626-4E7D-8354-463865B303BF}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {3B9A92DA-6374-4872-B646-253F18624D5F}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {A726AE06-AAA3-43D1-87E3-70F510314F04}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
O42 - Logiciel: Windows Live Writer Resources - (.Microsoft Corporation.) [HKLM] -- {62687B11-58B5-4A18-9BC3-9DF4CE03F194}
O42 - Logiciel: avast! Free Antivirus - (.AVAST Software.) [HKLM] -- avast
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AVAST Software]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\EasyBits]
[HKCU\Software\Google]
[HKCU\Software\IM Providers]
[HKCU\Software\JavaSoft]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Netscape]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\Policies]
[HKCU\Software\Skype]
[HKCU\Software\Sysinternals]
[HKCU\Software\g3n-h@ckm@n]
[HKLM\Software\AMD]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AVAST Software]
[HKLM\Software\Adobe]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Google]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\OldTimer Tools]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\Policies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\mozilla.org]
[HKLM\Software\tdbg_trace]
---\\ Contenuto delle files comuni (O43)
O43 - CFD: 12/06/2011 - 18:07:46 - [244060795] ----D- C:\Program Files\Adobe
O43 - CFD: 06/06/2011 - 18:06:30 - [162375671] ----D- C:\Program Files\AVAST Software
O43 - CFD: 12/06/2011 - 18:07:46 - [359170041] ----D- C:\Program Files\Common Files
O43 - CFD: 06/06/2011 - 20:23:04 - [83297300] ----D- C:\Program Files\DVD Maker
O43 - CFD: 12/06/2011 - 17:36:48 - [256009311] ----D- C:\Program Files\Google
O43 - CFD: 06/06/2011 - 20:23:04 - [4560041] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 06/06/2011 - 18:30:22 - [90682362] ----D- C:\Program Files\Java
O43 - CFD: 15/06/2011 - 14:53:14 - [7566409] ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 14/07/2009 - 08:50:26 - [148361778] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 13/06/2011 - 11:57:34 - [38388859] ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 12/06/2011 - 17:52:34 - [1829877] ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 13/06/2011 - 12:04:48 - [15715] ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 06/06/2011 - 20:07:28 - [33786165] ----D- C:\Program Files\Mozilla Firefox
O43 - CFD: 14/07/2009 - 05:52:32 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 06/06/2011 - 18:35:32 - [368732202] ----D- C:\Program Files\OpenOffice.org 3
O43 - CFD: 06/06/2011 - 18:40:56 - [786432] ----D- C:\Program Files\Protector Suite
O43 - CFD: 14/07/2009 - 05:52:32 - [38597377] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 12/06/2011 - 17:31:34 - [28812298] R---D- C:\Program Files\Skype
O43 - CFD: 14/07/2009 - 05:53:24 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 06/06/2011 - 20:23:04 - [3147264] ----D- C:\Program Files\Windows Defender
O43 - CFD: 06/06/2011 - 20:23:04 - [7121528] ----D- C:\Program Files\Windows Journal
O43 - CFD: 12/06/2011 - 17:51:58 - [147268936] ----D- C:\Program Files\Windows Live
O43 - CFD: 06/06/2011 - 20:23:06 - [6704640] ----D- C:\Program Files\Windows Mail
O43 - CFD: 06/06/2011 - 20:23:04 - [6741931] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 14/07/2009 - 05:52:32 - [12257460] ----D- C:\Program Files\Windows NT
O43 - CFD: 06/06/2011 - 20:23:04 - [4457224] ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 05:52:34 - [189440] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 06/06/2011 - 20:23:06 - [7761634] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 15/06/2011 - 16:26:02 - [4065199] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 12/06/2011 - 18:08:36 - [6281214] ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 06/06/2011 - 18:31:58 - [1243079] ----D- C:\Program Files\Common Files\Java
O43 - CFD: 12/06/2011 - 17:46:22 - [55563822] ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 14/07/2009 - 03:37:06 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 12/06/2011 - 17:30:50 - [2254216] ----D- C:\Program Files\Common Files\Skype
O43 - CFD: 14/07/2009 - 03:37:06 - [41106343] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 06/06/2011 - 20:23:04 - [10383859] ----D- C:\Program Files\Common Files\System
O43 - CFD: 12/06/2011 - 17:20:10 - [242334806] ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 12/06/2011 - 18:11:00 - [763] ----D- C:\ProgramData\Adobe
O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 06/06/2011 - 18:06:30 - [33714513] ----D- C:\ProgramData\AVAST Software
O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Favorites
O43 - CFD: 15/06/2011 - 14:53:12 - [6813578] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 12/06/2011 - 17:46:52 - [145597068] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 12/06/2011 - 17:30:40 - [23206924] ----D- C:\ProgramData\Skype
O43 - CFD: 12/06/2011 - 18:39:32 - [5318087] ----D- C:\ProgramData\Skype Extras
O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 06/06/2011 - 18:32:02 - [119] ----D- C:\ProgramData\Sun
O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Templates
O43 - CFD: 12/06/2011 - 18:39:10 - [146348] ----D- C:\Users\Cyrielle\AppData\Roaming\Adobe
O43 - CFD: 06/06/2011 - 17:40:00 - [0] ----D- C:\Users\Cyrielle\AppData\Roaming\Identities
O43 - CFD: 12/06/2011 - 18:39:10 - [456] ----D- C:\Users\Cyrielle\AppData\Roaming\Macromedia
O43 - CFD: 15/06/2011 - 14:53:18 - [1052] ----D- C:\Users\Cyrielle\AppData\Roaming\Malwarebytes
O43 - CFD: 14/07/2009 - 08:48:46 - [0] ----D- C:\Users\Cyrielle\AppData\Roaming\Media Center Programs
O43 - CFD: 12/06/2011 - 19:31:00 - [1517404] -S--D- C:\Users\Cyrielle\AppData\Roaming\Microsoft
O43 - CFD: 06/06/2011 - 20:07:44 - [13604898] ----D- C:\Users\Cyrielle\AppData\Roaming\Mozilla
O43 - CFD: 06/06/2011 - 18:49:22 - [1501890] ----D- C:\Users\Cyrielle\AppData\Roaming\OpenOffice.org
O43 - CFD: 15/06/2011 - 14:49:20 - [1534557] ----D- C:\Users\Cyrielle\AppData\Roaming\Skype
O43 - CFD: 14/06/2011 - 17:28:38 - [57240] ----D- C:\Users\Cyrielle\AppData\Roaming\skypePM
O43 - CFD: 12/06/2011 - 18:10:38 - [4427817] ----D- C:\Users\Cyrielle\Appdata\Local\Adobe
O43 - CFD: 06/06/2011 - 17:39:12 - [0] -SH-D- C:\Users\Cyrielle\Appdata\Local\Application Data
O43 - CFD: 12/06/2011 - 18:38:44 - [923001] ----D- C:\Users\Cyrielle\Appdata\Local\Google
O43 - CFD: 06/06/2011 - 17:39:12 - [0] -SH-D- C:\Users\Cyrielle\Appdata\Local\History
O43 - CFD: 12/06/2011 - 18:05:58 - [108274881] ----D- C:\Users\Cyrielle\Appdata\Local\Microsoft
O43 - CFD: 12/06/2011 - 22:53:14 - [148987] ----D- C:\Users\Cyrielle\Appdata\Local\Microsoft Games
O43 - CFD: 06/06/2011 - 17:51:16 - [38773658] ----D- C:\Users\Cyrielle\Appdata\Local\Mozilla
O43 - CFD: 15/06/2011 - 16:25:36 - [446273] ----D- C:\Users\Cyrielle\Appdata\Local\Temp
O43 - CFD: 06/06/2011 - 17:39:12 - [0] -SH-D- C:\Users\Cyrielle\Appdata\Local\Temporary Internet Files
O43 - CFD: 06/06/2011 - 17:39:24 - [0] ----D- C:\Users\Cyrielle\Appdata\Local\VirtualStore
O43 - CFD: 15/06/2011 - 05:55:24 - [32768] ----D- C:\Users\Cyrielle\Appdata\Local\Windows Live
O43 - CFD: 14/07/2009 - 05:42:06 - [14619] R---D- C:\Users\Cyrielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 06/06/2011 - 19:40:06 - [174] R---D- C:\Users\Cyrielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 14/07/2009 - 05:37:44 - [580] R---D- C:\Users\Cyrielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 12/06/2011 - 21:08:42 - [0] R---D- C:\Users\Cyrielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
---\\ Ultimi files modificati o creati sotto Windows e System32 (O44)
O44 - LFC:[MD5.2C000000000000000000000064EF1200] - 15/06/2011 - 15:22:36 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1943523]
O44 - LFC:[MD5.27F9186F8A6A0792EDC961541EDBE048] - 15/06/2011 - 12:49:16 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [10016]
O44 - LFC:[MD5.27F9186F8A6A0792EDC961541EDBE048] - 15/06/2011 - 12:49:16 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [10016]
O44 - LFC:[MD5.43AA7CAF94FDBA1E29DC459474D67645] - 15/06/2011 - 12:48:30 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1549700]
O44 - LFC:[MD5.F1B6F8652097712E94BF2F0BA624FB60] - 15/06/2011 - 12:48:30 ---A- . (...) -- C:\Windows\System32\perfc009.dat [106388]
O44 - LFC:[MD5.C52DD6FD99A9F9A3001E1F8555BD9F59] - 15/06/2011 - 12:48:30 ---A- . (...) -- C:\Windows\System32\perfc00C.dat [130140]
O44 - LFC:[MD5.10D71BD4C0B0BF7C0DF65AFBFA39F8CE] - 15/06/2011 - 12:48:30 ---A- . (...) -- C:\Windows\System32\perfh009.dat [616008]
O44 - LFC:[MD5.FDD32DE50532C629D94B14C5A9C7EDEF] - 15/06/2011 - 12:48:30 ---A- . (...) -- C:\Windows\System32\perfh00C.dat [694430]
O44 - LFC:[MD5.AF3F60C3807DEA8BD2702E216CD6DC6A] - 15/06/2011 - 12:44:00 ---A- . (...) -- C:\Windows\setupact.log [18840]
O44 - LFC:[MD5.21BD3C134939BAF1E5458BED69DD76F0] - 15/06/2011 - 12:43:56 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.41BAC50958DD7472152DDC96D99AAE0C] - 14/06/2011 - 11:49:03 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512]
O44 - LFC:[MD5.CB8AE0A9E927256868F494E380834451] - 12/06/2011 - 20:44:21 --HA- . (...) -- C:\Windows\System32\ezsidmv.dat [56]
O44 - LFC:[MD5.4730F594A4ADB365B414C2416F6BB134] - 12/06/2011 - 18:22:42 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [404640]
O44 - LFC:[MD5.EE021374B601BA01BD2835A19B86B8D2] - 12/06/2011 - 17:35:31 ---A- . (...) -- C:\Windows\PFRO.log [308]
O44 - LFC:[MD5.4B1D0FDE9AA768E94742F2A514192335] - 06/06/2011 - 19:29:37 ---A- . (...) -- C:\Windows\IE9_main.log [2265]
O44 - LFC:[MD5.07BA000B2E67565BDF112C35171865A5] - 06/06/2011 - 19:22:34 ---A- . (...) -- C:\Windows\System32\perfd00C.dat [38160]
O44 - LFC:[MD5.04F6C9757DB75FF27C427E5B31DDB289] - 06/06/2011 - 19:22:34 ---A- . (...) -- C:\Windows\System32\perfi00C.dat [344522]
O44 - LFC:[MD5.8C838DC3D32E243742317A39A61CED62] - 06/06/2011 - 18:39:06 ---A- . (...) -- C:\Windows\System32\FNTCACHE.DAT [292080]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 06/06/2011 - 17:41:19 --HA- . (...) -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 06/06/2011 - 17:41:19 --HA- . (...) -- C:\Windows\System32\drivers\Msft_User_tcwbf_01_09_00.Wdf [0]
O44 - LFC:[MD5.27CADAE7E69FEEE773EA55108A8F9F47] - 06/06/2011 - 17:30:28 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Windows\System32\deployJava1.dll [472808]
O44 - LFC:[MD5.51A850830CB841FBE5B90142BCC6B854] - 06/06/2011 - 17:30:28 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Windows\System32\java.exe [145184]
O44 - LFC:[MD5.87893167C98FCEF5D14077511F219B75] - 06/06/2011 - 17:30:28 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Windows\System32\javaw.exe [145184]
O44 - LFC:[MD5.42278A946AB729CB746AA47D48F5FCC0] - 06/06/2011 - 17:30:28 ---A- . (.Sun Microsystems, Inc. - Java(TM) Web Start Launcher.) -- C:\Windows\System32\javaws.exe [153376]
O44 - LFC:[MD5.0AF7946AD9B2E82058C6421EEC960FCF] - 06/06/2011 - 17:24:21 ---A- . (.Intel(R) Corporation - No comment.) -- C:\Windows\System32\ir32_32.dll [197632]
O44 - LFC:[MD5.17A4BE67FB6B9219A802F39C263AC8AC] - 06/06/2011 - 17:24:21 ---A- . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll [82944]
O44 - LFC:[MD5.D592AAA377748FC50E34D731F0D0D7B8] - 06/06/2011 - 17:23:49 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\Windows\System32\atmlib.dll [34304]
O44 - LFC:[MD5.7D643BB2B21B22621D76BE185AE9F7F8] - 06/06/2011 - 17:23:49 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\System32\atmfd.dll [294912]
O44 - LFC:[MD5.01C47C2ECED034EF6F8C1552A97CFF00] - 06/06/2011 - 17:20:17 ---A- . (...) -- C:\Windows\System32\config.nt [2577]
O44 - LFC:[MD5.7F08D9C504B015D81A8ABD75C80028C5] - 06/06/2011 - 17:13:44 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\Windows\System32\drivers\aswFsBlk.sys [19544]
O44 - LFC:[MD5.D6788E3211AFA9951ED7A4D617F68A4F] - 06/06/2011 - 17:13:41 ---A- . (.AVAST Software - avast! self protection module.) -- C:\Windows\System32\drivers\aswSP.sys [307928]
O44 - LFC:[MD5.AC48BDD4CD5D44AF33087C06D6E9511C] - 06/06/2011 - 17:13:24 ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\Windows\System32\drivers\aswRdr.sys [25432]
O44 - LFC:[MD5.4D100C45517809439C7B6DD98997FA00] - 06/06/2011 - 17:13:21 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\Windows\System32\drivers\aswTdi.sys [49240]
O44 - LFC:[MD5.B64134316FCD1F20E0F10EF3E65BD522] - 06/06/2011 - 17:13:19 ---A- . (.AVAST Software - avast! Virtualization Driver.) -- C:\Windows\System32\drivers\aswSnx.sys [441176]
O44 - LFC:[MD5.9BDC8E9CE17B773F69D2C6696C768C4F] - 06/06/2011 - 17:13:00 ---A- . (.AVAST Software - avast! File System Minifilter for Windows 2.) -- C:\Windows\System32\drivers\aswMonFlt.sys [53592]
O44 - LFC:[MD5.B8576757416F471C9D7F83B2B04B1F9D] - 06/06/2011 - 17:06:36 ---A- . (.AVAST Software - avast! Screen Saver stub.) -- C:\Windows\avastSS.scr [40112]
O44 - LFC:[MD5.A4FF904203B176D2D7498AA7CECAFE0C] - 06/06/2011 - 17:06:35 ---A- . (.AVAST Software - avast! start-up scanner.) -- C:\Windows\System32\aswBoot.exe [199304]
O44 - LFC:[MD5.E73694DCFE105A03479692A90E021AAD] - 06/06/2011 - 15:32:50 ---A- . (...) -- C:\Windows\System32\license.rtf [42045]
O44 - LFC:[MD5.51370BDA636A3391207F190F4E2A3283] - 06/06/2011 - 15:31:58 ---A- . (...) -- C:\Windows\TSSysprep.log [1313]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 06/06/2011 - 15:31:22 ---A- . (...) -- C:\Windows\ativpsrm.bin [0]
O44 - LFC:[MD5.6497407F82E41274B9A34C035E16F3B1] - 06/06/2011 - 15:29:54 ---A- . (...) -- C:\Windows\DtcInstall.log [1774]
O44 - LFC:[MD5.B309912717C29FC67E1BA4730A82B6DD] - 29/05/2011 - 08:11:30 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\System32\drivers\mbamswissarmy.sys [39984]
O44 - LFC:[MD5.3D2C13377763EEAC0CA6FB46F57217ED] - 29/05/2011 - 08:11:20 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\System32\drivers\mbam.sys [22712]
---\\ Ultimi files creati sotto Windows Prefetcher (O45)
---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"wdmaud.drv"="Microsoft 1.1 UAA Function Driver for High Definition Audio" . (.Unknown owner - No comment.) -- (.not file.)
---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "lega
Otherwise, here is the ZHPDiag report: so, virus or not?
Rapport de ZHPDiag v1.27.2301 par Nicolas Coolman, Update du 13/06/2011
Run by Cyrielle at 15/06/2011 16:25:51
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 4.0.1 v4.0.1 (Defaut)
GCIE: Google Chrome v12.0.742.100
---\\ System Information
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3071 MB (54% free)
System Restore: Activé (Enable)
System drive C: has 276 GB (92%) free of 298 GB
---\\ Logged in mode
Computer Name: CYRIELLE-PC
User Name: Cyrielle
All Users Names: Guest, Cyrielle, Administrator,
Unselected Option: None
Logged in as Administrator
---\\ Environnement Variables
%AppData%=C:\Users\Cyrielle\AppData\Roaming
%LocalAppData%=C:\Users\Cyrielle\AppData\Local
%StartMenu%=C:\Users\Cyrielle\AppData\Roaming\Microsoft\Windows\Start Menu
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 276 Go of 298 Go)
D:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
---\\ Search Generic System Files
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 05:33:07.) -- C:\Windows\Explorer.exe [2614784]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 01:14:45.) -- C:\Windows\system32\Wininit.exe [96256]
[MD5.214605C48AE416BC067C39D227CFCC57] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.24/02/2011 05:32:44.) -- C:\Windows\system32\wininet.dll [981504]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.28/10/2009 06:17:59.) -- C:\Windows\system32\Winlogon.exe [285696]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 01:26:15.) -- C:\Windows\system32\drivers\atapi.sys [21584]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 01:20:44.) -- C:\Windows\system32\drivers\ntfs.sys [1210432]
---\\ Processi correnti
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- C:\Windows\System32\rundll32.exe [44544]
[MD5.D378BFFB70923139D6A4F546864AA61C] - (.Microsoft Corporation - Bloc-notes.) -- C:\Windows\notepad.exe [179712]
[MD5.4C6898F15701AE7C41775C14E423FE25] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3459712]
[MD5.B0DA80FF42A0819D162A86612896AAF2] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [47104]
[MD5.2487C45B64790FC210547919F18FAC71] - (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [1047656]
[MD5.F06CA6475B7A538DB9DC3F7B896B97E4] - (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [449584]
[MD5.D378BFFB70923139D6A4F546864AA61C] - (.Microsoft Corporation - Bloc-notes.) -- C:\Windows\system32\NOTEPAD.EXE [179712]
[MD5.E83508D9A0F0D0D8449317DC6A4C5E02] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632]
[MD5.3B2CC09944488DB5ED5DFDC315C9AB57] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856]
[MD5.392C346D281BD5309CCE9C31B08D37A9] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [658432]
---\\ Mozilla Firefox, Plugins,Avviamento,Ricerca,Estensione (P2,M0,M1,M2,M3)
C:\Users\Cyrielle\AppData\Roaming\Mozilla\Firefox\Profiles\jmh1635h.default\prefs.js
M3 - MFPP: Plugins - [Cyrielle] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [Cyrielle] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [Cyrielle] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [Cyrielle] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [Cyrielle] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [Cyrielle] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [Cyrielle] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Unknown owner - No comment.) -- C:\Windows\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_22 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60310.0.) -- c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3508.1109] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
M0 - MFSP: prefs.js [Cyrielle - jmh1635h.default] WWW.GOOGLE.FR
---\\ Google Chrome, Avviamento,Ricerca,Estensione (G0,G1,G3)
C:\Users\Cyrielle\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
G2 - GCE: Preference [User Data\Default] [icmlaeflemplmjndnaapfdbbnpncnbda] avast! WebRep v.6.0.1125 (Activé)
---\\ Internet Explorer, Avviamento,Ricerca,Estensione (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R0 - HKUS\S-1-5-21-2135916146-3893334040-3250946710-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKUS\S-1-5-21-2135916146-3893334040-3250946710-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (8.00.7600.16385 (win7_rtm.090713-1255)) -- C:\Windows\System32\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
---\\ ---\\ Changed inifile Value, Mapped to Registry (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe
---\\ Browser Helper Objects (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
---\\ ---\\ Auto loading programs from Registry (O4)
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-2135916146-3893334040-3250946710-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-2135916146-3893334040-3250946710-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
---\\ ---\\ Other User Links (O4)
O4 - Global Startup: C:\Users\Cyrielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Cyrielle\Desktop\Computer - Shortcut.lnk - Orphean Key
O45 - LFCP:[MD5.7621B2F16895115E7B6C8D8B250F770D] - 06/06/2011 - 18:31:53 ---A- - C:\Windows\Prefetch\PING.EXE-7E94E73E.pf
O45 - LFCP:[MD5.63B57B8BA70F81AFA886FA39D10ADAFF] - 06/06/2011 - 18:37:35 ---A- - C:\Windows\Prefetch\POQEXEC.EXE-69592829.pf
O45 - LFCP:[MD5.CC1C67D879A07ABCFE1D69B8C15ADA89] - 06/06/2011 - 18:40:16 ---A- - C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf
O45 - LFCP:[MD5.3C378C88BA926E504C436C45339A9EB6] - 06/06/2011 - 18:40:16 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-FEDB32D0.pf
O45 - LFCP:[MD5.D60BF4D074F449902EE2B01E5266EBCB] - 06/06/2011 - 18:40:16 ---A- - C:\Windows\Prefetch\TZUPD.EXE-2128F25C.pf
O45 - LFCP:[MD5.B89227F820763FE935BDC3D5320A3C8D] - 06/06/2011 - 18:40:16 ---A- - C:\Windows\Prefetch\WFS.EXE-147AA976.pf
O45 - LFCP:[MD5.1C86FBB7DEF682A417D1A1D1CF23E6A8] - 06/06/2011 - 18:45:20 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-1B239DE1.pf
O45 - LFCP:[MD5.D3055071A40738E858E2C62728DA321B] - 06/06/2011 - 18:45:27 ---A- - C:\Windows\Prefetch\HELPPANE.EXE-FEDC965B.pf
O45 - LFCP:[MD5.8906D1F864AEAECA1D14FEFAE55ABF8F] - 06/06/2011 - 18:50:25 ---A- - C:\Windows\Prefetch\UNINSTALLER.EXE-FB9CC9A0.pf
O45 - LFCP:[MD5.E370D39B61DE471B52EE24C93794333C] - 06/06/2011 - 18:50:33 ---A- - C:\Windows\Prefetch\AU_.EXE-6421903A.pf
O45 - LFCP:[MD5.E241AAAD99C96CC32EE8C2C27B122E5B] - 06/06/2011 - 18:50:34 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-7FAA2E4C.pf
O45 - LFCP:[MD5.7C77123083D8957A395ED2FC272B234F] - 06/06/2011 - 18:50:41 ---A- - C:\Windows\Prefetch\VERCLSID.EXE-7C52E31C.pf
O45 - LFCP:[MD5.EC4B8C25457741B25099201AD8A21D0F] - 06/06/2011 - 18:52:48 ---A- - C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf
O45 - LFCP:[MD5.42D012FF128AD1D9011C168152EA1DDC] - 06/06/2011 - 19:06:37 ---A- - C:\Windows\Prefetch\WUAPP.EXE-C6167071.pf
O45 - LFCP:[MD5.3482ECAE914FAB94725905EA39128C78] - 06/06/2011 - 19:07:07 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-74857ABA.pf
O45 - LFCP:[MD5.62B3CFC5DC51FB6C8C07D404BB18355B] - 06/06/2011 - 19:07:24 ---A- - C:\Windows\Prefetch\FIREFOX%20SETUP%204.0.1[1].EX-167125DC.pf
O45 - LFCP:[MD5.A167073AD3D3FEFBB238939DFAB91173] - 06/06/2011 - 19:07:29 ---A- - C:\Windows\Prefetch\SETUP.EXE-F4C0229F.pf
O45 - LFCP:[MD5.E683B932C0AE8D8065ADE8E3284383FF] - 06/06/2011 - 19:07:50 ---A- - C:\Windows\Prefetch\HELPER.EXE-8AEDE3E3.pf
O45 - LFCP:[MD5.1EF8ED136F9F2292CB145A483667D0C4] - 06/06/2011 - 19:24:34 ---A- - C:\Windows\Prefetch\LPKSETUP.EXE-90F505D8.pf
O45 - LFCP:[MD5.76D064F91C5C682D3EFB0A86142FDA6C] - 06/06/2011 - 19:30:32 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-9E25227B.pf
O45 - LFCP:[MD5.143A69EB28D6C11A845966B567B07888] - 12/06/2011 - 16:13:03 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-010CA916.pf
O45 - LFCP:[MD5.25A3FC75A8DC85500C2218727E2C66E1] - 12/06/2011 - 16:28:36 ---A- - C:\Windows\Prefetch\SETUP_WM.EXE-674F654A.pf
O45 - LFCP:[MD5.B0793AC9CB4F6707BF6FD066277FB543] - 12/06/2011 - 16:28:58 ---A- - C:\Windows\Prefetch\WMPLAYER.EXE-BAD6BD53.pf
O45 - LFCP:[MD5.75EE627E7ECA51CEE75AFB8A940C8D39] - 12/06/2011 - 16:30:52 ---A- - C:\Windows\Prefetch\ATTRIB.EXE-A990CB86.pf
O45 - LFCP:[MD5.1EB98D3882A894BBD1CD93D2EB09B4A5] - 12/06/2011 - 16:45:57 ---A- - C:\Windows\Prefetch\DEVICEDISPLAYOBJECTPROVIDER.E-17410B90.pf
O45 - LFCP:[MD5.0919E4DEC9E0E97C7A1C223426FAA195] - 12/06/2011 - 17:13:32 ---A- - C:\Windows\Prefetch\SEARCHINDEXER.EXE-4A6353B9.pf
O45 - LFCP:[MD5.454AF8707EBB230898814E89DB03572E] - 12/06/2011 - 17:37:19 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-007FEA55.pf
O45 - LFCP:[MD5.B18EA6112B02F09268C056111DEFDB7E] - 12/06/2011 - 18:43:35 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-90526FAC.pf
O45 - LFCP:[MD5.BF4C81962D769E412CDBA68AE96A8D5C] - 12/06/2011 - 19:02:27 ---A- - C:\Windows\Prefetch\JAVA.EXE-E27B75C2.pf
O45 - LFCP:[MD5.682847B32DED39284C31C157FA332C05] - 12/06/2011 - 19:06:33 ---A- - C:\Windows\Prefetch\AVASTUI.EXE-56B29A08.pf
O45 - LFCP:[MD5.F0E8BD610FCEBE6C7D810A44E136CE80] - 12/06/2011 - 20:05:39 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf
O45 - LFCP:[MD5.017C5E158F26BBF274C24F2D6441F755] - 12/06/2011 - 20:05:57 ---A- - C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf
O45 - LFCP:[MD5.68777FC3673FCE9B007E9BA4E11A0070] - 12/06/2011 - 20:23:34 ---A- - C:\Windows\Prefetch\MPCMDRUN.EXE-F401FBB4.pf
O45 - LFCP:[MD5.EE607CDF77191AB1BB73F342A1866E32] - 12/06/2011 - 21:20:23 ---A- - C:\Windows\Prefetch\JAUCHECK.EXE-7E60136B.pf
O45 - LFCP:[MD5.E93E52F974FB127F8F9E63A4206B207F] - 12/06/2011 - 21:20:28 ---A- - C:\Windows\Prefetch\JAVAW.EXE-91B81925.pf
O45 - LFCP:[MD5.AAD1012410D9D3DC8C84732F8F3072E8] - 12/06/2011 - 21:20:28 ---A- - C:\Windows\Prefetch\JAVAWS.EXE-5FA6EB7C.pf
O45 - LFCP:[MD5.DDBD7EC4C1CDFA40D109D0AB65F84C27] - 12/06/2011 - 21:51:27 ---A- - C:\Windows\Prefetch\SOFFICE.BIN-FFFF76B3.pf
O45 - LFCP:[MD5.4D746C144DA239E1DB6C56891506ECC3] - 12/06/2011 - 21:51:27 ---A- - C:\Windows\Prefetch\SOFFICE.EXE-0C715DD8.pf
O45 - LFCP:[MD5.12B6DBEF58EF7095B72031D92D851C81] - 13/06/2011 - 13:20:17 ---A- - C:\Windows\Prefetch\SDCLT.EXE-E10B972A.pf
O45 - LFCP:[MD5.BCBB58D83F67C2C4EF90391328BCA572] - 13/06/2011 - 13:32:44 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-61AE5AB6.pf
O45 - LFCP:[MD5.5A9C7CA0DB189618769D30CD94235B6D] - 13/06/2011 - 13:38:38 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf
O45 - LFCP:[MD5.A12259D5E5CECEACDDD278E0164BB57D] - 14/06/2011 - 10:36:42 ---A- - C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf
O45 - LFCP:[MD5.37EB4E97F9D5DBED5FC39D1D30ECCFC1] - 14/06/2011 - 10:36:43 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf
O45 - LFCP:[MD5.CE84DDD2BC22817274AB8579EE6AF705] - 14/06/2011 - 10:37:22 ---A- - C:\Windows\Prefetch\DRVINST.EXE-4CB4314A.pf
O45 - LFCP:[MD5.99164B9AAB3FBC4B3A6D09F39D031F8B] - 14/06/2011 - 10:39:07 ---A- - C:\Windows\Prefetch\MSIEXEC.EXE-A2D55CB6.pf
O45 - LFCP:[MD5.D4BA91286F5AC70B78FC76DA8A9234D2] - 14/06/2011 - 16:30:38 ---A- - C:\Windows\Prefetch\AgCx_SC2.db
O45 - LFCP:[MD5.8C1A9397A5F38C5982089CA3C721B5EB] - 14/06/2011 - 22:50:30 ---A- - C:\Windows\Prefetch\MAKECAB.EXE-0F1704A4.pf
O45 - LFCP:[MD5.8894D3FECA84FFD2331443482DC01874] - 14/06/2011 - 23:44:23 ---A- - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf
O45 - LFCP:[MD5.C39FC15299F345512C3950DAABE917AC] - 15/06/2011 - 11:31:50 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-05F624AB.pf
O45 - LFCP:[MD5.EF69758659D779590BDA5872013AA72A] - 15/06/2011 - 11:50:25 ---A- - C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf
O45 - LFCP:[MD5.56926F7560A02B1D8C799B9738ABC9DB] - 15/06/2011 - 11:50:30 ---A- - C:\Windows\Prefetch\AgCx_SC1.db.trx
O45 - LFCP:[MD5.974D67625FECD55EC67951A09DA3138C] - 15/06/2011 - 11:51:30 ---A- - C:\Windows\Prefetch\AgCx_SC1.db
O45 - LFCP:[MD5.19CA22F838F26DAEA0FFD73C6F2B7B14] - 15/06/2011 - 11:55:07 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-2135916146-3893334040-3250946710-1000.db
O45 - LFCP:[MD5.126BB90E3295BC81E42D70A3A5959478] - 15/06/2011 - 11:55:07 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-2135916146-3893334040-3250946710-1000.db
O45 - LFCP:[MD5.5F11044A54D577E608C23F42B5BBE1CC] - 15/06/2011 - 11:55:09 ---A- - C:\Windows\Prefetch\WMPNETWK.EXE-D9F2A96F.pf
O45 - LFCP:[MD5.40F4A2E52357D2DB1146480EF8788DCE] - 15/06/2011 - 11:55:47 ---A- - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf
O45 - LFCP:[MD5.36543632D0705C2AD8DB026FFFD7C012] - 15/06/2011 - 12:43:09 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin
O45 - LFCP:[MD5.013CDE657040D8C874B945250CD972BE] - 15/06/2011 - 12:46:03 ---A- - C:\Windows\Prefetch\AVAST.SETUP-B1D66586.pf
O45 - LFCP:[MD5.2A46F7087F3A58BF754A288BE0AD327D] - 15/06/2011 - 12:47:45 ---A- - C:\Windows\Prefetch\WUAUCLT.EXE-70318591.pf
O45 - LFCP:[MD5.803862CE6C44691010F75CC68AC336D3] - 15/06/2011 - 12:48:26 ---A- - C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf
O45 - LFCP:[MD5.CF5F70CEDAFD185C7FD207AB12FE2BF4] - 15/06/2011 - 12:57:16 ---A- - C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf
O45 - LFCP:[MD5.BFAB68BEBF6F5E3247D957CC971F42F7] - 15/06/2011 - 13:45:38 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf
O45 - LFCP:[MD5.E907E0C22095304FF96390ED9CA7287A] - 15/06/2011 - 13:47:44 ---A- - C:\Windows\Prefetch\MOBSYNC.EXE-C5E2284F.pf
O45 - LFCP:[MD5.46D78D90A53D7FA2BE93E2333E440B31] - 15/06/2011 - 13:48:43 ---A- - C:\Windows\Prefetch\WMPNSCFG.EXE-FC0D39BF.pf
O45 - LFCP:[MD5.7B866BF643D1AB5B002C811947F2D515] - 15/06/2011 - 13:52:40 ---A- - C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf
O45 - LFCP:[MD5.ED1C5AA92A894B5629BB58ED9C785BA1] - 15/06/2011 - 14:31:19 ---A- - C:\Windows\Prefetch\FIREFOX.EXE-A606B53C.pf
O45 - LFCP:[MD5.3DE74127D54640A7781744F2C13F0ED2] - 15/06/2011 - 14:50:41 ---A- - C:\Windows\Prefetch\AUDIODG.EXE-BDFD3029.pf
O45 - LFCP:[MD5.5FCB5AD7841169A35695CF4498F30C95] - 15/06/2011 - 15:02:36 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf
O45 - LFCP:[MD5.05651023F8CE7B61015197853323DF09] - 15/06/2011 - 15:10:12 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db
O45 - LFCP:[MD5.39C6DEC46E16DE818419BA24EF93962E] - 15/06/2011 - 15:10:12 ---A- - C:\Windows\Prefetch\AgRobust.db
O45 - LFCP:[MD5.33AEB005204E0455CC0169F5A2945A15] - 15/06/2011 - 15:10:13 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db
O45 - LFCP:[MD5.3127CDABA33215F2BC6B58DA1AEBF7EA] - 15/06/2011 - 15:10:13 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db
O45 - LFCP:[MD5.DE3E04F4C477D5C44FEE06A771116EC8] - 15/06/2011 - 15:24:29 ---A- - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf
O45 - LFCP:[MD5.B5F81AFD6E2FD8708BABFAEC8E81C9EA] - 15/06/2011 - 15:24:29 ---A- - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
O45 - LFCP:[MD5.FC71A43DC57D94119384CCF4B3FA32D7] - 15/06/2011 - 15:25:38 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf
O45 - LFCP:[MD5.A54DACEB0ABCCDC2C9DC8A6BE3A55CAD] - 15/06/2011 - 15:26:01 ---A- - C:\Windows\Prefetch\CMD.EXE-4A81B364.pf
O45 - LFCP:[MD5.664B2E7D7EFD0B3988D5F173B2B519C3] - 15/06/2011 - 15:26:01 ---A- - C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"wdmaud.drv"="Microsoft 1.1 UAA Function Driver for High Definition Audio" . (.Unknown owner - No comment.) -- (.not file.)
---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "lega