Search Daily virus problem

Guitou74 -
Hello,

I have a problem with the internet. When I click on a link from Google, it always takes me to the site www.search.daily.com

Here is a copy of the HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:34:36, on 01/11/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\avast\aswUpdSv.exe
D:\avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\avast\ashWebSv.exe
D:\Quick time\qttask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
D:\Daemon tools\daemon.exe
D:\avast\ashDisp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Java\j2re1.4.2_15\bin\jucheck.exe
D:\avast\ashMaiSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B6EE624E-BB5B-4934-8B52-E12C32252EB3} - C:\WINDOWS\System32\ddrawe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Quick time\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Daemon tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] D:\avast\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_15\bin\npjpi142_15.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_15\bin\npjpi142_15.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\avast\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe

30 replies

philae83 Posts: 12854 Status: Security contributor 206
 
Hello,

(just passing through quickly for now)

Step 1:
Download eScan Antivirus Toolkit:

http://www.spywareinfo.dk/download/mwav.exe

Save it to your Desktop.
Before launching the program, you must update it as described in step 2.

Step 2:
Here is how to update the tool:

1.) Double-click the mwav.exe file on the Desktop; unzip the files into the suggested new folder (C:\Kaspersky).
The program will launch, and you must quit it (click "Exit" then "Exit").

2.) Double-click My Computer, then double-click the main drive (usually C:\), double-click the Kaspersky folder; then double-click the kavupd.exe file. You will now see a DOS window appear, and the update will complete in a few minutes.

3.) When the update is complete, you will see "Press any key to continue"; press a key to continue. Two new directories (folders) were created during the update (C:\Bases and C:\Downloads).

4.) Select/copy all the files in the C:\Downloads folder, then paste them into the C:\Kaspersky folder. When prompted, accept replacing the existing files.

Do not start the scan yet!

Step 3:
Restart in Safe Mode:
1) Restart your computer
2) Tap the F8 key immediately, right after the "beep"
3) You will see a screen with startup options appear
4) Choose the first option: Safe Mode, and confirm with "Enter"
5) Choose your regular account, not Administrator


Step 4:
From Safe Mode, here is how to use the program:

1.) To launch "eScan Antivirus Toolkit", find the mwavscan.com file located in the C:\Kaspersky folder

2.) Double-click mwavscan.com; the eScan interface will appear on screen.

3.) It is very important to tick these boxes under Scan Option: Memory, Registry, Startup Folders, System Folders, Services.

4.) Tick the Drive box, which gives access to a new Drive box (round button) just below; tick this "Drive" button (very important..), and you will see a new navigation box appear on the right. Click the small arrow of that box and choose the letter of your hard drive, usually C:\.

5.) Just below, make sure that Scan All Files is ticked, and not Program Files.

6.) Click Scan Clean and let the tool check the whole hard drive (this can take a long time..). When finished, you will see Scan Completed.
Do not quit yet!

7.) Open a new Notepad file (click "Start" >> "Programs" >> "Accessories" >> "Notepad"), then copy/paste the entire contents of the Virus Log Information window (the second one, at the bottom) into the text file, and save it. eScan also generates a full report in the C:\Kaspersky folder (named mwav.log), but it is too large to post on the forum.

Close the program. Restart your PC in Normal mode. Post (copy/paste) the report you saved in your next reply.
0
guitou74
 
Here is the report:

File C:\WINDOWS\System32\ddrawe.dll infected by "Trojan-Downloader.Win32.Agent.evt" Virus. Action Taken: File to be deleted on reboot.

File C:\Program Files\Trend Micro\HijackThis\backups\backup-20071104-134110-164.dll infected by "Trojan-Downloader.Win32.Agent.evt" Virus. Action Taken: File Deleted.

File C:\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.

File C:\SmitfraudFix.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.

File C:\System Volume Information\_restore{389BC3A5-5DAA-42F2-BE00-9A30DF68AE7B}\RP229\A0044201.dll infected by "Trojan.Win32.BHO.bb" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{389BC3A5-5DAA-42F2-BE00-9A30DF68AE7B}\RP229\A0044203.dll infected by "Trojan.Win32.BHO.bb" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{389BC3A5-5DAA-42F2-BE00-9A30DF68AE7B}\RP239\A0044999.dll infected by "Trojan-Downloader.Win32.Agent.evt" Virus. Action Taken: File Deleted.


Have a good evening and good luck with the search; thanks again, and I hope it bears fruit.
0
philae83 Posts: 12854 Status: Security contributor 206
 
Good evening,

Honestly, I don't really see what it is. Perhaps you should add this address to Internet Explorer's restricted sites (Internet Options).

Post a new HijackThis report all the same.
0
guitou74
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:16:57, on 10/11/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\avast\aswUpdSv.exe
D:\avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
D:\Daemon tools\daemon.exe
D:\avast\ashDisp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
D:\avast\ashWebSv.exe
D:\avast\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B6EE624E-BB5B-4934-8B52-E12C32252EB3} - C:\WINDOWS\System32\ddrawe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Daemon tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] D:\avast\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\avast\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
0

philae83 Posts: 12854 Status: Security contributor 206
 
Good evening,

Please run a scan here:
http://www.prevx.com/filenames/1110956902364351580-0/DIVX_XX0.DLL.html

Then post the report here.

This DLL is still there:
DDRAWE.DLL
which seems to run together with this: DIVX_XX0.DLL
Prevx apparently recognises it; I'd like to know whether there are others.

See you tomorrow, I think I'll be able to come back during the day.
0
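Added example (not part of the original thread, and not code from any of the tools used in it): a small Python check that cross-references the files eScan reported as infected with the CLSID-based entries of a later HijackThis log, to show which detected files are still registered as browser add-ons. The sample lines are excerpts of the logs posted above; the function names are hypothetical.

```python
import re

# Excerpt of the eScan report posted in this thread.
ESCAN_REPORT = r'''
File C:\WINDOWS\System32\ddrawe.dll infected by "Trojan-Downloader.Win32.Agent.evt" Virus. Action Taken: File to be deleted on reboot.
File C:\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\System Volume Information\_restore{389BC3A5-5DAA-42F2-BE00-9A30DF68AE7B}\RP229\A0044201.dll infected by "Trojan.Win32.BHO.bb" Virus. Action Taken: File Deleted.
'''

# Excerpt of the second HijackThis log (10/11/2007) posted in this thread.
HIJACKTHIS_LOG = r'''
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {B6EE624E-BB5B-4934-8B52-E12C32252EB3} - C:\WINDOWS\System32\ddrawe.dll
O4 - HKLM\..\Run: [avast!] D:\avast\ashDisp.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
'''

# eScan line format as it appears in the report above; lines "tagged as
# not-a-virus" are deliberately not treated as detections.
ESCAN_LINE = re.compile(r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)"')

# HijackThis lines of the form "<section> - <label> - {CLSID} - <file>"
# (O2 BHOs, O3 toolbars, O9 buttons, O18 protocols in the logs above).
HJT_CLSID_LINE = re.compile(
    r'^(?P<section>O\d+) - (?P<label>.+?) - '
    r'(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$'
)


def parse_detections(report):
    """Map lower-cased file path -> detection name for every infected file."""
    found = {}
    for line in report.splitlines():
        m = ESCAN_LINE.match(line.strip())
        if m:
            found[m.group("path").lower()] = m.group("name")
    return found


def parse_hijackthis(log):
    """Return the CLSID-based entries of a HijackThis log as dicts."""
    entries = []
    for line in log.splitlines():
        m = HJT_CLSID_LINE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def still_registered(report, log):
    """Entries whose file was flagged by the scanner but is still registered.

    Paths are compared case-insensitively. 8.3 short names such as
    C:\\PROGRA~1 are not expanded, so an entry written that way would be
    missed by this comparison.
    """
    detections = parse_detections(report)
    hits = []
    for entry in parse_hijackthis(log):
        name = detections.get(entry["path"].lower())
        if name:
            hits.append({**entry, "detection": name})
    return hits


if __name__ == "__main__":
    for hit in still_registered(ESCAN_REPORT, HIJACKTHIS_LOG):
        print(f'{hit["section"]} {hit["clsid"]} -> {hit["path"]} ({hit["detection"]})')
```

On these excerpts the only match is the O2 entry for ddrawe.dll, the DLL the helper notes is still present after the eScan pass.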
guitou74
 
Here is the scan report:


Prevx CSI
Computer Security Investigator Output Log
System analyzed at: 19:09:12 11/12/07

Loaded into: C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
Loaded into: C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
Loaded into: C:\WINDOWS\System32\wuauclt.exe
Loaded into: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Loaded into: C:\Program Files\MSN Messenger\usnsvc.exe
Loaded into: C:\Documents and Settings\Guitou et madeline\Bureau\PREVXCSIFREE.EXE
PX5: 5E03B17C00AB6003EC43040371CC7800DAD06999
MD5: 8f7b88f435bde5b128910eb3c12504ea
Determination: GOOD

C:\WINDOWS\system32\CRYPT32.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: D:\avast\ashServ.exe
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
Loaded into: C:\Program Files\MSN Messenger\MsnMsgr.Exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
Loaded into: C:\WINDOWS\System32\wuauclt.exe
Loaded into: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain\DllName crypt32.dll
PX5: 65D2D69A00B19FBC6A4B08E4C137A600521687F1
MD5: 456781b2815f7c19425218653842ab16
Determination: GOOD

C:\WINDOWS\system32\MSASN1.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: D:\avast\ashServ.exe
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
Loaded into: C:\Program Files\MSN Messenger\MsnMsgr.Exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
Loaded into: C:\WINDOWS\System32\wuauclt.exe
Loaded into: C:\Program Files\Internet Explorer\IEXPLORE.EXE
PX5: D113F0FF00F732B6CAE000F845655B002D594985
MD5: fecb8a719d7611d7dd5857d9b4f4799e
Determination: GOOD

C:\WINDOWS\system32\NDdeApi.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
PX5: C80DA946004C3A193EBF0019BA42CA003B43D74A
MD5: 4d02a16e5514c9ecc127460dd2f724f1
Determination: GOOD

C:\WINDOWS\system32\PROFMAP.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
PX5: F01291C0006CEF62709B00F858D63700238A49FD
MD5: 3f164d74164a8caa873b7d868e8939b4
Determination: GOOD

C:\WINDOWS\system32\NETAPI32.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\services.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: D:\avast\ashServ.exe
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
Loaded into: C:\Program Files\MSN Messenger\MsnMsgr.Exe
Loaded into: C:\Program Files\Internet Explorer\IEXPLORE.EXE
PX5: C56A241900EDED9A9A5104BE8E808F00CF4DFC87
MD5: 618fca1594377020598a8300b97e2112
Determination: GOOD

C:\WINDOWS\system32\USERENV.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\services.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\System32\nvsvc32.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
Loaded into: C:\Program Files\MSN Messenger\MsnMsgr.Exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
Loaded into: C:\Program Files\Internet Explorer\IEXPLORE.EXE
PX5: 2AE12BEA00968727383D0A74F048150054D83D9D
MD5: b5d51920a50e7749530da3aa90e5a979
Determination: GOOD

C:\WINDOWS\system32\PSAPI.DLL
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\services.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
Loaded into: D:\avast\ashWebSv.exe
Loaded into: D:\avast\ashMaiSv.exe
Loaded into: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
Loaded into: C:\Program Files\MSN Messenger\MsnMsgr.Exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
Loaded into: C:\Program Files\Internet Explorer\IEXPLORE.EXE
PX5: AA133FEF009257AC44B5003795F2980031B0D107
MD5: d98b8288eb7e118b1087b0412bca0abe
Determination: GOOD

C:\WINDOWS\system32\REGAPI.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 2E50D5170011B3C5AC6600AED01231002869882C
MD5: ea4f9639254fc5abb2e1bd54fc1ba476
Determination: GOOD

C:\WINDOWS\system32\Secur32.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\services.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: D:\avast\ashServ.exe
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\WINDOWS\System32\nvsvc32.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: D:\avast\ashWebSv.exe
Loaded into: D:\avast\ashDisp.exe
Loaded into: C:\Program Files\MSN Messenger\MsnMsgr.Exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
Loaded into: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Loaded from: \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService secur32.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService\10 secur32.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService\16 secur32.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService secur32.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService\18 secur32.dll
PX5: 970F9A6E0070C021CC99002EAF887C0032CDE05F
MD5: cb70e127714fa8d0b26a05e99bf4078d
Determination: GOOD

C:\WINDOWS\system32\SETUPAPI.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: D:\avast\ashServ.exe
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\SOUNDMAN.EXE
Loaded into: C:\WINDOWS\System32\LVCOMSX.EXE
Loaded into: D:\Daemon tools\daemon.exe
Loaded into: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
Loaded into: C:\Program Files\MSN Messenger\MsnMsgr.Exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
Loaded into: C:\Program Files\Internet Explorer\IEXPLORE.EXE
PX5: 5BC0D08F00A90331620A0E0CB5917500B98ECADF
MD5: 4fd784f1889119c02d49e454bde2b592
Determination: GOOD

C:\WINDOWS\system32\sfc_os.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: 8F6E4FD100D9DEFE0E1002E9C9A29900C051E178
MD5: 116e012f1b2d97cc42f3f03c10eb764f
Determination: GOOD

C:\WINDOWS\system32\WINTRUST.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\Program Files\MSN Messenger\MsnMsgr.Exe
Loaded into: C:\WINDOWS\System32\wuauclt.exe
Loaded into: C:\Program Files\Internet Explorer\IEXPLORE.EXE
PX5: 73CF8F1E00F25C988CD202827B7FA9007B09C27E
MD5: 9a62433eb2d36cf4d3082dfaf8c6c5c4
Determination: GOOD

C:\WINDOWS\system32\ole32.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: D:\avast\ashServ.exe
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
Loaded into: C:\WINDOWS\System32\nvsvc32.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: D:\avast\ashWebSv.exe
Loaded into: D:\avast\ashMaiSv.exe
Loaded into: C:\WINDOWS\System32\LVCOMSX.EXE
Loaded into: D:\Daemon tools\daemon.exe
Loaded into: D:\avast\ashDisp.exe
Loaded into: C:\WINDOWS\System32\RUNDLL32.EXE
Loaded into: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
Loaded into: C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
Loaded into: C:\Program Files\MSN Messenger\MsnMsgr.Exe
Loaded into: C:\WINDOWS\System32\ctfmon.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Loaded into: C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
Loaded into: C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
Loaded into: C:\WINDOWS\System32\wuauclt.exe
Loaded into: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Loaded into: C:\Program Files\MSN Messenger\usnsvc.exe
PX5: 604E5D45009FE3CBDE6C1057434F6C0010875E62
MD5: 7e8fe767ac2b613fbac177e698b7af82
Determination: GOOD

C:\WINDOWS\system32\IMAGEHLP.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\System32\RUNDLL32.EXE
Loaded into: C:\Program Files\MSN Messenger\MsnMsgr.Exe
Loaded into: C:\WINDOWS\System32\wuauclt.exe
Loaded into: C:\Program Files\Internet Explorer\IEXPLORE.EXE
PX5: DBE9FC2F0056C2EBF00801E883C9E400403E35BA
MD5: 0ed176f9cf6b985e1c5c6ca9b5b5adf9
Determination: GOOD

C:\WINDOWS\system32\VERSION.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: D:\avast\ashServ.exe
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: D:\avast\ashWebSv.exe
Loaded into: D:\avast\ashMaiSv.exe
Loaded into: C:\WINDOWS\System32\LVCOMSX.EXE
Loaded into: D:\avast\ashDisp.exe
Loaded into: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
Loaded into: C:\Program Files\MSN Messenger\MsnMsgr.Exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Loaded into: C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
Loaded into: C:\WINDOWS\System32\wuauclt.exe
Loaded into: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Loaded into: C:\Program Files\MSN Messenger\usnsvc.exe
PX5: 810E260B002D87FD4058009B694699005C0D39A7
MD5: 915b1774c773fd87e3f3a5af4523cbe1
Determination: GOOD

C:\WINDOWS\system32\WINSTA.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\services.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: D:\avast\ashServ.exe
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\WINDOWS\System32\nvsvc32.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Program Files\MSN Messenger\MsnMsgr.Exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PX5: BC28803A002D79BAB8A50037CF5301007671F281
MD5: 4c897fcf8571112e24dae2a4ec2973db
Determination: GOOD

C:\WINDOWS\system32\WS2_32.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\services.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: D:\avast\aswUpdSv.exe
Loaded into: D:\avast\ashServ.exe
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: D:\avast\ashWebSv.exe
Loaded into: D:\avast\ashMaiSv.exe
Loaded into: D:\avast\ashDisp.exe
Loaded into: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
Loaded into: C:\Program Files\MSN Messenger\MsnMsgr.Exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
Loaded into: C:\Program Files\Internet Explorer\IEXPLORE.EXE
PX5: 43E562AD00E8011426DB0113C1233A00AE459314
MD5: 20c6d9f9522dda0f9a8e4b8641ca9245
Determination: GOOD

C:\WINDOWS\system32\WS2HELP.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\services.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: D:\avast\aswUpdSv.exe
Loaded into: D:\avast\ashServ.exe
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: D:\avast\ashWebSv.exe
Loaded into: D:\avast\ashMaiSv.exe
Loaded into: D:\avast\ashDisp.exe
Loaded into: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
Loaded into: C:\Program Files\MSN Messenger\MsnMsgr.Exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
Loaded into: C:\Program Files\Internet Explorer\IEXPLORE.EXE
PX5: 836BEC8900C179DA4A330097ADC473009CDF283C
MD5: 66ec105c3fe9095f3b5d00475ef5a75c
Determination: GOOD

C:\WINDOWS\system32\MSGINA.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
PX5: 34A6F43000CEAA6F94EE1082B24BE6002A3B4D67
MD5: 69d0cd153c718cb2b653774ad903d5fe
Determination: GOOD

C:\WINDOWS\system32\SHELL32.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: D:\avast\ashServ.exe
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: D:\avast\ashWebSv.exe
Loaded into: D:\avast\ashMaiSv.exe
Loaded into: C:\WINDOWS\SOUNDMAN.EXE
Loaded into: C:\WINDOWS\System32\LVCOMSX.EXE
Loaded into: D:\Daemon tools\daemon.exe
Loaded into: D:\avast\ashDisp.exe
Loaded into: C:\WINDOWS\System32\RUNDLL32.EXE
Loaded into: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
Loaded into: C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
Loaded into: C:\Program Files\MSN Messenger\MsnMsgr.Exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Loaded into: C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
Loaded into: C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
Loaded into: C:\WINDOWS\System32\wuauclt.exe
Loaded into: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Loaded into: C:\Documents and Settings\Guitou et madeline\Bureau\PREVXCSIFREE.EXE
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet rundll32 shell32,Control_RunDLL "sysdm.cpl"
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{AEB6717E-7E19-11d0-97EE-00C04FD91972}
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}\StubPath regsvr32.exe /s /n /i:U shell32.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9}
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9}
Loaded from: \REGISTRY\User\S-1-5-21-790525478-287218729-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383} !.\._..... . [C." . . . . L ... . F.
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}\(default)
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}\(default)
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}\(default)
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}\(default)
Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\Open With\(default) {09799AFB-AD67-11d1-ABCD-00C04FC30936}
Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\Open With EncryptionMenu\(default) {A470F8CF-A1E8-4f65-8335-227475AA5C46}
Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\(default) .pingle du menu D.marrer
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu\(default) {A470F8CF-A1E8-4f65-8335-227475AA5C46}
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\PropertySheetHandlers\{ef43ecfe-2ab9-4632-bf21-58909dd177f0}\(default)
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\CopyHookHandlers\FileSystem\(default) {217FC9C0-3AEA-1069-A2DB-08002B30309D}
Loaded from: \REGISTRY\User\S-1-5-21-790525478-287218729-725345543-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\BarSize ..
PX5: AECBADD6001AFA653492C3A712FAEC0011C419AF
Determination: GOOD

C:\WINDOWS\system32\SHLWAPI.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: D:\avast\ashServ.exe
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
Loaded into: C:\WINDOWS\System32\nvsvc32.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: D:\avast\ashWebSv.exe
Loaded into: D:\avast\ashMaiSv.exe
Loaded into: C:\WINDOWS\SOUNDMAN.EXE
Loaded into: C:\WINDOWS\System32\LVCOMSX.EXE
Loaded into: D:\Daemon tools\daemon.exe
Loaded into: D:\avast\ashDisp.exe
Loaded into: C:\WINDOWS\System32\RUNDLL32.EXE
Loaded into: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
Loaded into: C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
Loaded into: C:\Program Files\MSN Messenger\MsnMsgr.Exe
Loaded into: C:\WINDOWS\System32\ctfmon.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Loaded into: C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
Loaded into: C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
Loaded into: C:\WINDOWS\System32\wuauclt.exe
Loaded into: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Loaded into: C:\Documents and Settings\Guitou et madeline\Bureau\PREVXCSIFREE.EXE
PX5: C486F6B200AF3A1F646D06AC2BB1D000179C507C
MD5: dcb6cede5af7409a3a35fbaae772f839
Determination: GOOD

C:\WINDOWS\system32\COMCTL32.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
Loaded into: C:\WINDOWS\System32\nvsvc32.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: D:\avast\ashWebSv.exe
Loaded into: D:\avast\ashMaiSv.exe
Loaded into: C:\WINDOWS\SOUNDMAN.EXE
Loaded into: C:\WINDOWS\System32\LVCOMSX.EXE
Loaded into: C:\WINDOWS\System32\RUNDLL32.EXE
Loaded into: C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Loaded into: C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
Loaded into: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Loaded into: C:\Documents and Settings\Guitou et madeline\Bureau\PREVXCSIFREE.EXE
PX5: DF6C649D00B0903082A508FF5448CC009546A191
MD5: 0193b72d769d006d4ba4e5158ce0c37a
Determination: GOOD

C:\WINDOWS\system32\ODBC32.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
PX5: 8081B1CE0099B0C4101C034A2C99C2001D39EA6A
MD5: 79ff492db9e0a61d43b351612d6f05b5
Determination: GOOD

C:\WINDOWS\system32\comdlg32.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: D:\Daemon tools\daemon.exe
Loaded into: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
Loaded into: C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
Loaded into: C:\Program Files\Internet Explorer\IEXPLORE.EXE
PX5: 3E19DF8C0089499D0209048163F82F007FC73029
MD5: d6b4540350baf4b58f15ba95250434b4
Determination: GOOD

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: D:\avast\ashServ.exe
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
Loaded into: C:\WINDOWS\System32\nvsvc32.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: D:\avast\ashWebSv.exe
Loaded into: D:\avast\ashMaiSv.exe
Loaded into: C:\WINDOWS\SOUNDMAN.EXE
Loaded into: C:\WINDOWS\System32\LVCOMSX.EXE
Loaded into: D:\Daemon tools\daemon.exe
Loaded into: D:\avast\ashDisp.exe
Loaded into: C:\WINDOWS\System32\RUNDLL32.EXE
Loaded into: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
Loaded into: C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
Loaded into: C:\Program Files\MSN Messenger\MsnMsgr.Exe
Loaded into: C:\WINDOWS\System32\ctfmon.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Loaded into: C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
Loaded into: C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
Loaded into: C:\WINDOWS\System32\wuauclt.exe
Loaded into: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Loaded into: C:\Documents and Settings\Guitou et madeline\Bureau\PREVXCSIFREE.EXE
PX5: 55F9AAD4003BD3490E600E5233CB73005E58B7A8
MD5: aef3d788dbf40c7c4d204ea45eb0c505
Determination: GOOD

C:\WINDOWS\system32\odbcint.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
PX5: 5DFC442400EA974C8015011B07259B0039B62BE9
MD5: 5dbb03407e22214704e65ceccf42a694
Determination: GOOD

C:\WINDOWS\system32\SHSVCS.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 0FF86E63006220AFC23F0161B8B27500929C5820
MD5: 50ca3d27ca3bb87a5602ca188ebed4b8
Determination: GOOD

C:\WINDOWS\system32\sfc.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 91A5D03700E06F2D10DE00EF09037600B79BCD14
MD5: a8418b5fe185b405fe34d2703b54e97f
Determination: GOOD

C:\WINDOWS\system32\WINSCARD.DLL
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: A242F32C005ECC5F704C0123001A0C0048169371
MD5: 78b841af5ac652cb1b2052dc27c9ee4e
Determination: GOOD

C:\WINDOWS\system32\WTSAPI32.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\services.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: D:\avast\ashServ.exe
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\WINDOWS\System32\nvsvc32.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Program Files\MSN Messenger\MsnMsgr.Exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PX5: 1644796C0044CE4142CE007B3387470027BA975F
MD5: d7390b6ce3b9cb455c5ee9bdfdea5aa2
Determination: GOOD

C:\WINDOWS\system32\uxtheme.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: D:\avast\ashServ.exe
Loaded into: C:\WINDOWS\System32\nvsvc32.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: D:\avast\ashMaiSv.exe
Loaded into: C:\WINDOWS\SOUNDMAN.EXE
Loaded into: C:\WINDOWS\System32\LVCOMSX.EXE
Loaded into: D:\Daemon tools\daemon.exe
Loaded into: D:\avast\ashDisp.exe
Loaded into: C:\WINDOWS\System32\RUNDLL32.EXE
Loaded into: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
Loaded into: C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
Loaded into: C:\Program Files\MSN Messenger\MsnMsgr.Exe
Loaded into: C:\WINDOWS\System32\ctfmon.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Loaded into: C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
Loaded into: C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
Loaded into: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
Loaded into: C:\WINDOWS\System32\wuauclt.exe
Loaded into: C:\Program Files\Internet Explorer\IEXPLORE.EXE
PX5: 871D10390070C4BF1CD90343EF3F2B00FA3909CB
MD5: 8e4fdf9d93391e45bca49493e6e46804
Determination: GOOD

C:\WINDOWS\system32\WINMM.dll
0
philae83 Posts 12854 Status Security contributor 206
 
Good evening,

I'm sorry for this delay, but I haven't been able to come by since the other day. Personal problem.

Your report doesn't seem to be complete. Had it found anything, please?
0
guitou74
 
Hello, indeed I hadn't noticed.

Yes, it found one thing; it concerned Ddrawe.dll

I'll repost the end of the message for you this evening, because right now I'm at work.

Have a good day
0
philae83 Posts 12854 Status Security contributor 206
 
Hello,

OK, it's mainly the part about the DLL in question that interests me.

See you later
0
guitou74
 
Hello, I've just reformatted because it was annoying me a bit too much.

Thanks for your help

Ciao
0