21 replies
Anonymous user
21 August 2010 at 20:28
"Who is the person helping you"?
Or else give the link to your discussion with the person who is helping you ...
See you
gen-hackman (46285 posts, registered 30 April 2008, last activity 21 August 2010), 21 August 2010 at 03:31
Hi:
Download rkill:
• https://download.bleepingcomputer.com/grinler/rkill.exe
• https://download.bleepingcomputer.com/grinler/rkill.com
• https://download.bleepingcomputer.com/grinler/rkill.scr
• http://download.bleepingcomputer.com/grinler/rkill.pif
• Save it to your Desktop
• Double-click the rkill icon (on Vista/Seven, right-click and choose Run as Administrator)
A brief black screen will show you that the tool ran correctly; if it does not start,
switch to another download link.
Once it has finished:
DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT !!!!! (because it is wrongly detected as an infection)
• Download here: List_Kill'em
and save it to your Desktop
if you have XP => double-click
if you have Vista or Windows 7 => right-click "Run as...."
on the shortcut on your Desktop to start the installation
Leave checked:
• Run List_Kill'em
once it has finished, click "Finish" and the program will start on its own
choose the Search option
• let the tool work
a dialog box may open; in that case click "OK" or "Agree"
when the white window appears, it takes a while; this is normal, it is an additional search for hidden files, the program is not stuck.
• Post the contents of the report that opens when the scan reaches 100 %, at the "COMPLETED" screen
DO NOT POST IT ON THE FORUM
To send it to me, click this link: http://www.cijoint.fr/
• Click Browse and look for the file mentioned above.
• Click Open.
• Click "Cliquez ici pour déposer le fichier" ("Click here to upload the file").
A link of this form:
http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt
is added to the page.
• Copy this link into your reply.
• Do the same with more.txt, which is on your Desktop
Hello, I have a big problem and I would like to know if someone can help me. I have a virus on my computer called Security Tool; with this virus I cannot connect to the internet and I cannot get into safe mode to scan my computer with my antivirus. For safe mode I tried F5, F8, and going through Run, but without results. I have Windows XP
Thank you very much, see you soon I hope
blues
I have the replies but I cannot send them (the links), but on the other hand I can send you these messages. I don't understand anything anymore.
When I start my computer I get this message: rundll: error loading lyyop.dll, the specified module could not be found. I had Security Tool, which kept opening all the time (virus) and would not let me do anything; I could not get to my antivirus, go into safe mode, or go on the internet. Now I just have the error message and I cannot go on the internet. I phoned my provider and they cannot do anything.
User : celine rollin (Administrateurs)
Update on 21/08/2010 by g3n-h@ckm@n ::::: 03.50
Start at: 22:17:26 | 2010-08-20
Intel(R) Pentium(R) 4 CPU 2.00GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AVG Anti-Virus Free 8.5 [ Enabled | (!) Outdated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 55,9 Go (23,51 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque amovible | 1,86 Go (1,75 Go free) [My GS Drive] | FAT
Boot: Normal
¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer
C:\WINDOWS\System32\smss.exe ---- 128 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\WINDOWS\system32\csrss.exe ---- 2256 Ko ---- Normal ---- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\WINDOWS\system32\winlogon.exe ---- 1984 Ko ---- High ---- winlogon.exe ----
C:\WINDOWS\system32\services.exe ---- 1804 Ko ---- Normal ---- C:\WINDOWS\system32\services.exe ----
C:\WINDOWS\system32\lsass.exe ---- 2332 Ko ---- Normal ---- C:\WINDOWS\system32\lsass.exe ----
C:\WINDOWS\system32\svchost.exe ---- 1860 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k DcomLaunch ----
C:\WINDOWS\system32\svchost.exe ---- 1756 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k rpcss ----
C:\Program Files\Windows Defender\MsMpEng.exe ---- 40016 Ko ---- Normal ---- "C:\Program Files\Windows Defender\MsMpEng.exe" ---- Microsoft Corporation
C:\WINDOWS\System32\svchost.exe ---- 24272 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k netsvcs ----
C:\Program Files\Ahead\InCD\InCDsrv.exe ---- 880 Ko ---- Normal ---- "C:\Program Files\Ahead\InCD\InCDsrv.exe" ----
C:\WINDOWS\System32\svchost.exe ---- 812 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k NetworkService ----
C:\WINDOWS\System32\svchost.exe ---- 868 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k LocalService ----
C:\WINDOWS\system32\spoolsv.exe ---- 1580 Ko ---- Normal ---- C:\WINDOWS\system32\spoolsv.exe ----
C:\WINDOWS\System32\svchost.exe ---- 536 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k LocalService ----
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe ---- 288 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe" ---- ArcSoft, Inc.
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe ---- 596 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" ---- Apple Inc.
C:\Program Files\AskBarDis\bar\bin\AskService.exe ---- 716 Ko ---- Normal ---- "C:\Program Files\AskBarDis\bar\bin\AskService.exe" ---- Ask.com
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ---- 440 Ko ---- Normal ---- "C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe" ---- Ask.com
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe ---- 2664 Ko ---- Normal ---- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe ---- AVG Technologies
C:\Program Files\Bonjour\mDNSResponder.exe ---- 616 Ko ---- Normal ---- "C:\Program Files\Bonjour\mDNSResponder.exe" ---- Apple Inc.
C:\Program Files\Java\jre6\bin\jqs.exe ---- 1404 Ko ---- Idle ---- "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" ---- Sun Microsystems, Inc.
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe ---- 1044 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe" ---- Logitech Inc
C:\WINDOWS\System32\NMSSvc.exe ---- 1168 Ko ---- Normal ---- C:\WINDOWS\System32\NMSSvc.exe ----
C:\WINDOWS\system32\slserv.exe ---- 316 Ko ---- Normal ---- slserv.exe ----
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe ---- 228 Ko ---- Normal ---- "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ----
C:\WINDOWS\System32\svchost.exe ---- 2092 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k imgsvc ----
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe ---- 1352 Ko ---- Normal ---- "C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe" ----
C:\PROGRA~1\AVG\AVG8\avgtray.exe ---- 3148 Ko ---- Normal ---- "C:\PROGRA~1\AVG\AVG8\avgtray.exe" ---- AVG Technologies
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe ---- 1656 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" ---- ArcSoft, Inc.
C:\Program Files\Microsoft IntelliPoint\ipoint.exe ---- 4360 Ko ---- Normal ---- "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" ---- Microsoft Corporation
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ---- 2524 Ko ---- Normal ---- "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide ---- Logitech Inc
C:\Program Files\iTunes\iTunesHelper.exe ---- 3156 Ko ---- Normal ---- "C:\Program Files\iTunes\iTunesHelper.exe" ---- Apple Inc.
C:\Program Files\Java\jre6\bin\jusched.exe ---- 404 Ko ---- Normal ---- "C:\Program Files\Java\jre6\bin\jusched.exe" ---- Sun Microsystems, Inc.
C:\Program Files\DivX\DivX Update\DivXUpdate.exe ---- 1324 Ko ---- Normal ---- "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW ---- DivX, Inc.
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE ---- 1180 Ko ---- Normal ---- "C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE" ----
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE ---- 2172 Ko ---- Normal ---- "C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE" ----
C:\WINDOWS\system32\ctfmon.exe ---- 684 Ko ---- Normal ---- "C:\WINDOWS\system32\ctfmon.exe" ----
C:\Compaq\EAKDRV\EAUSBKBD.EXE ---- 1432 Ko ---- Normal ---- "C:\Compaq\EAKDRV\EAUSBKBD.EXE" ----
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe ---- 1732 Ko ---- Normal ---- C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe -Embedding ----
C:\PROGRA~1\AVG\AVG8\avgemc.exe ---- 748 Ko ---- Normal ---- C:\PROGRA~1\AVG\AVG8\avgemc.exe ---- AVG Technologies
C:\PROGRA~1\AVG\AVG8\avgrsx.exe ---- 86532 Ko ---- Normal ---- avgrsx.exe ---- AVG Technologies
C:\PROGRA~1\AVG\AVG8\avgnsx.exe ---- 944 Ko ---- Normal ---- avgnsx.exe ---- AVG Technologies
C:\Program Files\AVG\AVG8\avgcsrvx.exe ---- 388 Ko ---- Normal ---- /pipeName=48b107c2-0bb4-42ca-aa71-5a93bbb98d14 /coreSdkOptions=0 /binaryPath="C:\Program Files\AVG\AVG8\" ---- AVG Technologies
C:\Program Files\Logitech\Logitech Vid\Vid.exe ---- 12496 Ko ---- Normal ---- "C:\Program Files\Logitech\Logitech Vid\Vid.exe" -bootmode ---- Logitech Inc
C:\WINDOWS\system32\rundll32.exe ---- 880 Ko ---- Normal ---- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\rapryl.dll",Startup ----
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe ---- 1312 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe" -Embedding ---- Logitech Inc
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ---- 6280 Ko ---- Normal ---- "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" -hx ----
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe ---- 1300 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe" ----
C:\WINDOWS\System32\alg.exe ---- 788 Ko ---- Normal ---- C:\WINDOWS\System32\alg.exe ----
C:\Program Files\iPod\bin\iPodService.exe ---- 1960 Ko ---- Normal ---- "C:\Program Files\iPod\bin\iPodService.exe" ---- Apple Inc.
C:\WINDOWS\System32\wbem\wmiapsrv.exe ---- 1260 Ko ---- Normal ---- C:\WINDOWS\System32\wbem\wmiapsrv.exe ----
C:\WINDOWS\system32\NOTEPAD.EXE ---- 460 Ko ---- Normal ---- "C:\WINDOWS\system32\NOTEPAD.EXE" C:\rkill.log ----
C:\WINDOWS\explorer.exe ---- 17636 Ko ---- Normal ---- C:\WINDOWS\explorer.exe ----
C:\WINDOWS\system32\rundll32.exe ---- 2484 Ko ---- Normal ---- rundll32.exe "C:\WINDOWS\rapryl.dll",iep ----
C:\Program Files\AVG\AVG8\avgui.exe ---- 2724 Ko ---- Normal ---- "C:\Program Files\AVG\AVG8\avgui.exe" ---- AVG Technologies
C:\Program Files\Windows Defender\MpCmdRun.exe ---- 4772 Ko ---- Normal ---- "C:\Program Files\Windows Defender\MpCmdRun.exe" Scan -RestrictPrivileges -Reinvoke ---- Microsoft Corporation
C:\WINDOWS\system32\cmd.exe ---- 3304 Ko ---- Normal ---- C:\WINDOWS\system32\cmd.exe /K List'em.bat ----
C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 7248 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
C:\Program Files\List_Kill'em\pv.exe ---- 3512 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----
============
Keys "Run"
============
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
Logitech Vid = "C:\Program Files\Logitech\Logitech Vid\Vid.exe" -bootmode
MoneyAgent = "c:\Program Files\Microsoft Money\System\Money Express.exe"
Cwehoxozoquqise = rundll32.exe "C:\WINDOWS\rapryl.dll",Startup
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CPQEASYACC = C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
AVG8_TRAY = C:\PROGRA~1\AVG\AVG8\avgtray.exe
ArcSoft Connection Service = C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
itype = "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
LogitechQuickCamRibbon = "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
SunJavaUpdateSched = "C:\Program Files\Java\jre6\bin\jusched.exe"
LELA = "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
DivXUpdate = "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
sta = rundll32 "lyyop.dll",,Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Compaq
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=============
Other Keys
=============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername = 0 (0x0)
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = 1 (0x1)
undockwithoutlogon = 1 (0x1)
EnableLUA = 0 (0x0)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 145 (0x91)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting = 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 1 (0x1)
DefaultDomainName = CPQ22838397725
DefaultUserName = celine rollin
LegalNoticeCaption =
LegalNoticeText =
PowerdownAfterShutdown = 0
ReportBootOk = 1
Shell = Explorer.exe
ShutdownWithoutLogon = 0
System =
Userinit = C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iwsivs.exe
VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota = -1 (0xffffffff)
allocatecdroms = 0
allocatedasd = 0
allocatefloppies = 0
cachedlogonscount = 10
forceunlocklogon = 0 (0x0)
passwordexpirywarning = 14 (0xe)
scremoveoption = 0
AllowMultipleTSSessions = 1 (0x1)
UIHost = logonui.exe
LogonType = 1 (0x1)
Background = 0 0 0
DebugServerCommand = no
SFCDisable = 0 (0x0)
WinStationsDisabled = 0
HibernationPreviouslyEnabled = 1 (0x1)
ShowLogonOptions = 0 (0x0)
AltDefaultUserName = celine rollin
AltDefaultDomainName = CPQ22838397725
AutoAdminLogon = 0
ChangePasswordUseKerberos = 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =
{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} = Microsoft AntiMalware ShellExecuteHook
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\WINDOWS\system32\sessmgr.exe = C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019
C:\Program Files\AVG\AVG8\avgemc.exe = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
C:\Program Files\AVG\AVG8\avgupd.exe = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
C:\Program Files\AVG\AVG8\avgnsx.exe = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
C:\WINDOWS\system32\iwsivs.exe = C:\WINDOWS\system32\iwsivs.exe:*:Enabled:IWSIVS
C:\Program Files\Messenger\msmsgs.exe = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Windows Live\Messenger\wlcsdk.exe = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Vuze\Azureus.exe = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus
C:\WINDOWS\system32\mmc.exe = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
C:\WINDOWS\system32\dpvsetup.exe = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
C:\WINDOWS\system32\rundll32.exe = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application
C:\Program Files\Windows Live\Messenger\msnmsgr.exe = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\VideoLAN\VLC\vlc.exe = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player
C:\Program Files\Bonjour\mDNSResponder.exe = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\iTunes\iTunes.exe = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\Program Files\Logitech\Logitech Vid\Vid.exe = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid HD
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\wlcsdk.exe = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
===============
ActivX controls
===============
=============
[SilentIEStubProcessing = Y]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
=====
BHO :
=====
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{21608B66-026F-4DCB-9244-0DACA328DCED}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
===
DNS
===
Keys "Run"
============
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
Logitech Vid = "C:\Program Files\Logitech\Logitech Vid\Vid.exe" -bootmode
MoneyAgent = "c:\Program Files\Microsoft Money\System\Money Express.exe"
Cwehoxozoquqise = rundll32.exe "C:\WINDOWS\rapryl.dll",Startup
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CPQEASYACC = C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
AVG8_TRAY = C:\PROGRA~1\AVG\AVG8\avgtray.exe
ArcSoft Connection Service = C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
itype = "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
LogitechQuickCamRibbon = "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
SunJavaUpdateSched = "C:\Program Files\Java\jre6\bin\jusched.exe"
LELA = "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
DivXUpdate = "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
sta = rundll32 "lyyop.dll",,Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Compaq
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=============
Other Keys
=============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername = 0 (0x0)
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = 1 (0x1)
undockwithoutlogon = 1 (0x1)
EnableLUA = 0 (0x0)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 145 (0x91)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting = 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 1 (0x1)
DefaultDomainName = CPQ22838397725
DefaultUserName = celine rollin
LegalNoticeCaption =
LegalNoticeText =
PowerdownAfterShutdown = 0
ReportBootOk = 1
Shell = Explorer.exe
ShutdownWithoutLogon = 0
System =
Userinit = C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iwsivs.exe
VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota = -1 (0xffffffff)
allocatecdroms = 0
allocatedasd = 0
allocatefloppies = 0
cachedlogonscount = 10
forceunlocklogon = 0 (0x0)
passwordexpirywarning = 14 (0xe)
scremoveoption = 0
AllowMultipleTSSessions = 1 (0x1)
UIHost = logonui.exe
LogonType = 1 (0x1)
Background = 0 0 0
DebugServerCommand = no
SFCDisable = 0 (0x0)
WinStationsDisabled = 0
HibernationPreviouslyEnabled = 1 (0x1)
ShowLogonOptions = 0 (0x0)
AltDefaultUserName = celine rollin
AltDefaultDomainName = CPQ22838397725
AutoAdminLogon = 0
ChangePasswordUseKerberos = 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =
{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} = Microsoft AntiMalware ShellExecuteHook
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\WINDOWS\system32\sessmgr.exe = C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019
C:\Program Files\AVG\AVG8\avgemc.exe = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
C:\Program Files\AVG\AVG8\avgupd.exe = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
C:\Program Files\AVG\AVG8\avgnsx.exe = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
C:\WINDOWS\system32\iwsivs.exe = C:\WINDOWS\system32\iwsivs.exe:*:Enabled:IWSIVS
C:\Program Files\Messenger\msmsgs.exe = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Windows Live\Messenger\wlcsdk.exe = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Vuze\Azureus.exe = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus
C:\WINDOWS\system32\mmc.exe = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
C:\WINDOWS\system32\dpvsetup.exe = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
C:\WINDOWS\system32\rundll32.exe = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application
C:\Program Files\Windows Live\Messenger\msnmsgr.exe = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\VideoLAN\VLC\vlc.exe = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player
C:\Program Files\Bonjour\mDNSResponder.exe = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\iTunes\iTunes.exe = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\Program Files\Logitech\Logitech Vid\Vid.exe = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid HD
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\wlcsdk.exe = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java]
=============
[SilentIEStubProcessing = Y]
=====
BHO :
=====
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{21608B66-026F-4DCB-9244-0DACA328DCED}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
===
DNS
===
==================
Internet Explorer :
==================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = http://google.ca/
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
=======================
Proxy Internet Explorer
=======================
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyHttp1.1 = 0 (0x0)
ProxyEnable = 0 (0x0)
=============
Proxy Firefox
=============
=========
TaskCache
=========
====
IFEO
====
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apitrap.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ASSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cleanup.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cqw32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divx.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divxdec.ax]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DJSMAR00.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRMINST.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\enc98.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EncodeDivXExt.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EncryptPatchVer.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\front.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fullsoft.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GBROWSER.DLL]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htmlmarq.ocx]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htmlmm.ocx]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ishscan.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ISSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\javai.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jvm.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jvm_g.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\main123w.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mngreg32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msci_uno.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscoree.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorsvr.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorwks.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msjava.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mso.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVOPTRF.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NeVideoFX.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NPMLIC.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NSWSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\photohse.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PMSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ppw32hlp.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\printhse.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prwin8.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ps80.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\psdmt.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qfinder.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qpw.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Salwrap.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup32.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sevinst.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcnet.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tcore_ebook.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TFDTCTT8.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ua80.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\udtapi.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ums.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vb40032.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbe6.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wpwin8.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xlmlEN.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xwsetup.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Your Image File Name Here without a path]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_INSTPGM.EXE]
===============
File Protection
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
SFCDisable = -99 (0xffffff9d)
SFCScan = 0 (0x0)
========
Safemode
========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
=========
Atapi.sys
=========
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys :
[MD5.cdfe4411a69c224bd1d11b2da92dac51]
[SHA256.0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]
C:\WINDOWS\$NtUninstallQ306583$\atapi.sys :
[MD5.a64013e98426e1877cb653685c5c0009]
[SHA256.1f2a1c91c6532e24309f4f70393b6e4c093b89736545b26034cd3d04850a90e2]
C:\WINDOWS\ServicePackFiles\i386\atapi.sys :
[MD5.9f3a2f5aa6875c72bf062c712cfa2674]
[SHA256.b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
C:\WINDOWS\system32\drivers\atapi.sys :
[MD5.9f3a2f5aa6875c72bf062c712cfa2674]
[SHA256.b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
=======
Drive :
=======
Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
55,90 Go total, 23,51 Go libre (42%), 9% fragmenté (fragmentation du fichier 19%)
Il ne vous est pas nécessaire de défragmenter ce volume.
============
Mountpoints2
============
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b5d639a-6342-11de-af64-0010dc698ab8}\shell\autorun
Extended =
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b5d639a-6342-11de-af64-0010dc698ab8}\shell\autorun\command
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b5d639a-6342-11de-af64-0010dc698ab8}\shell\autorun\command
@ = 2u923g01.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b5d639a-6342-11de-af64-0010dc698ab8}\shell\open\command
@ = 2u923g01.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jvm_g.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\main123w.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mngreg32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msci_uno.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscoree.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorsvr.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorwks.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msjava.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mso.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVOPTRF.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NeVideoFX.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NPMLIC.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NSWSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\photohse.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PMSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ppw32hlp.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\printhse.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prwin8.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ps80.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\psdmt.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qfinder.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qpw.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Salwrap.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup32.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sevinst.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcnet.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tcore_ebook.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TFDTCTT8.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ua80.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\udtapi.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ums.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vb40032.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbe6.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wpwin8.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xlmlEN.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xwsetup.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Your Image File Name Here without a path]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_INSTPGM.EXE]
===============
File Protection
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
SFCDisable = -99 (0xffffff9d)
SFCScan = 0 (0x0)
========
Safemode
========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
=========
Atapi.sys
=========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Program Files\AskBarDis
Present !! : C:\WINDOWS\$NtUninstallMTF1011$
Present !! : C:\WINDOWS\002127_.tmp
Present !! : C:\WINDOWS\002164_.tmp
Present !! : C:\WINDOWS\005011_.tmp
Present !! : C:\WINDOWS\SECA4.tmp
Present !! : C:\WINDOWS\System32\i
Present !! : C:\WINDOWS\Temp\04dfeb1e-f0ea-47f5-9d8c-80108a4f5477.tmp
Present !! : C:\WINDOWS\Temp\1636c18d-4d52-4206-8fc6-1fc91cdb6893.tmp
Present !! : C:\WINDOWS\Temp\1cf90004-dd15-4939-8318-6ed88530cd0e.tmp
Present !! : C:\WINDOWS\Temp\20096e0f-2c85-4d59-8885-a00625880e9d.tmp
Present !! : C:\WINDOWS\Temp\3dcd28e5-70fe-4986-91cb-3a087ef1c7a7.tmp
Present !! : C:\WINDOWS\Temp\43e3887f-993b-4982-8ca8-553b73fef7af.tmp
Present !! : C:\WINDOWS\Temp\53dc6baf-bfe8-448a-a782-50f77f5c99d3.tmp
Present !! : C:\WINDOWS\Temp\6300dc1e-07af-40df-bdde-7923e9b79afd.tmp
Present !! : C:\WINDOWS\Temp\6560d4f9-f9df-4f27-ba01-183f7be0d345.tmp
Present !! : C:\WINDOWS\Temp\84118ca3-fb8b-425b-8614-6ec2d1f449fc.tmp
Present !! : C:\WINDOWS\Temp\9450a57b-22a3-4106-bede-9365d2d32798.tmp
Present !! : C:\WINDOWS\Temp\ae1fdfd6-fd54-4bd2-b857-3a3ed906b08d.tmp
Present !! : C:\WINDOWS\Temp\c3bc8347-26b6-4c47-b2a9-8c3f8256ed22.tmp
Present !! : C:\WINDOWS\Temp\c6474578-47d1-4f04-b610-623b33f03b85.tmp
Present !! : C:\WINDOWS\Temp\c66500b9-219e-47b2-a121-e24d347582dd.tmp
Present !! : C:\WINDOWS\Temp\c8271654-edd6-487c-9150-4b23b65c3961.tmp
Present !! : C:\WINDOWS\Temp\ccf8084e-8e48-4d44-8d63-0236d3ff61b8.tmp
Present !! : C:\WINDOWS\Temp\d03e01bf-e40a-4a23-bac3-2aa0aeeaf3d0.tmp
Present !! : C:\WINDOWS\Temp\ea97f617-abf8-41e9-b60f-b7d4ee409df9.tmp
Present !! : C:\Documents and Settings\celine rollin\Application Data\Skinux
Present !! : C:\Documents and Settings\celine rollin\Local Settings\Temp\dw.log
Present !! : C:\Documents and Settings\celine rollin\Local Settings\Temp\Pal.pal
Present !! : C:\Documents and Settings\celine rollin\LOCAL Settings\Temp\8BD54F3E-DD19-4a69-93D8-5C6A5BBBE20E.exe
Present !! : C:\Documents and Settings\celine rollin\LOCAL Settings\Temp\axaqhkxg.exe
Present !! : C:\Documents and Settings\celine rollin\LOCAL Settings\Temp\iphsexmn.exe
Present !! : C:\Documents and Settings\celine rollin\LOCAL Settings\Temp\lvid_lvid.exe
Present !! : C:\Documents and Settings\celine rollin\LOCAL Settings\Temp\ogjpeed.exe
Present !! : C:\Documents and Settings\celine rollin\LOCAL Settings\Temp\regincd2.exe
Present !! : C:\Documents and Settings\celine rollin\LOCAL Settings\Temp\regtdi.exe
Present !! : C:\Documents and Settings\celine rollin\LOCAL Settings\Temp\stp5401c.exe
Present !! : C:\Documents and Settings\celine rollin\LOCAL Settings\Temp\stp6832a.exe
Present !! : C:\Documents and Settings\celine rollin\LOCAL Settings\Temp\7.4.20.2-EasyShrx.Dll
Present !! : C:\Documents and Settings\celine rollin\LOCAL Settings\Temp\8.0.20.1-EasyShrx.Dll
Present !! : C:\Documents and Settings\celine rollin\LOCAL Settings\Temp\swt-gdip-win32-3448.dll
Present !! : C:\Documents and Settings\celine rollin\LOCAL Settings\Temp\swt-win32-3448.dll
Present !! : C:\Documents and Settings\celine rollin\LOCAL Settings\Temp\uninst.dll
Present !! : C:\Documents and Settings\celine rollin\LOCAL Settings\Temp\VistaLib32_1.dll
Present !! : C:\Documents and Settings\celine rollin\Local Settings\Temporary Internet Files\SuggestedSites.dat
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : sta
Present !! : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar : {3041d03e-fd4b-44e0-b742-2d9b88305f98}
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {3041d03e-fd4b-44e0-b742-2d9b88305f98}
Present !! : "HKCU\Software\Antimalware Doctor Inc"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}"
Present !! : "HKLM\Software\Trymedia Systems"
Present !! : HKCR\AppID\{38061edc-40bb-4618-a8da-e56353347e6d}
Present !! : HKCR\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd}
Present !! : HKCR\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b}
Present !! : HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
Present !! : HKCR\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
Present !! : HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
Present !! : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
Present !! : HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
Present !! : HKCU\Software\AppDataLow\AskBarDis
Present !! : HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
Present !! : HKLM\Software\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Present !! : HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
Present !! : HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
Present !! : HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Present !! : HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
Present !! : HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$
Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1"
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_sysdrv32
Present !! : HKLM\SYSTEM\CurrentControlSet\Services\sysdrv32
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_sysdrv32
Present !! : HKLM\SYSTEM\ControlSet001\Services\sysdrv32
Present !! : HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_sysdrv32
Present !! : HKLM\SYSTEM\ControlSet003\Services\sysdrv32
FEATURE_BROWSER_EMULATION | svchost :
====================================
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-21 00:06:18
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82B2BEC5]<<
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
AntiVirusDisableNotify = 1 (0x1)
AntiVirusOverride = 1 (0x1)
FirewallDisableNotify = 1 (0x1)
FirewallOverride = 0 (0x0)
UpdatesDisableNotify = 1 (0x1)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 0:08:10,53
Anonymous user
21 August 2010 at 21:17
Run List_Kill'em again (right-click for Vista/7), using the shortcut on your desktop.
but this time:
choose the clean option
your PC will restart,
let the tool work.
at the end of the scan the window closes, and you will have a report named Kill'em.txt on your desktop,
paste its contents in your reply
====
DLLs
====
DLLs
====
------------------------------------------------------------------------------
explorer.exe pid: 4032
Command line: C:\WINDOWS\explorer.exe
Base Size Version Path
0x01000000 0x100000 6.00.2900.5512 C:\WINDOWS\explorer.exe
0x7c910000 0xb9000 5.01.2600.5755 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x106000 5.01.2600.5781 C:\WINDOWS\system32\kernel32.dll
0x77da0000 0xac000 5.01.2600.5755 C:\WINDOWS\system32\ADVAPI32.dll
0x77e50000 0x92000 5.01.2600.5795 C:\WINDOWS\system32\RPCRT4.dll
0x77fc0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\Secur32.dll
0x75f10000 0xfd000 6.00.2900.5512 C:\WINDOWS\system32\BROWSEUI.dll
0x77ef0000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll
0x7e390000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x774a0000 0x13d000 5.01.2600.5512 C:\WINDOWS\system32\ole32.dll
0x77f40000 0x76000 6.00.2900.5912 C:\WINDOWS\system32\SHLWAPI.dll
0x770e0000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll
0x7e210000 0x171000 6.00.2900.5512 C:\WINDOWS\system32\SHDOCVW.dll
0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x77a80000 0x12000 5.01.2600.5875 C:\WINDOWS\system32\MSASN1.dll
0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll
0x6fee0000 0x55000 5.01.2600.5694 C:\WINDOWS\system32\NETAPI32.dll
0x77bd0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
0x404a0000 0xe6000 8.00.6001.18923 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x45180000 0x133000 8.00.6001.18923 C:\WINDOWS\system32\urlmon.dll
0x40b40000 0x1e8000 8.00.6001.18923 C:\WINDOWS\system32\iertutil.dll
0x76be0000 0x2e000 5.131.2600.5922 C:\WINDOWS\system32\WINTRUST.dll
0x76c40000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\IMAGEHLP.dll
0x76f10000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\WLDAP32.dll
0x7c9d0000 0x825000 6.00.2900.6018 C:\WINDOWS\system32\SHELL32.dll
0x5b090000 0x38000 6.00.2900.5512 C:\WINDOWS\system32\UxTheme.dll
0x5cea0000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x595b0000 0x1ca000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcGenral.DLL
0x76ae0000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\WINMM.dll
0x77bb0000 0x15000 5.01.2600.5512 C:\WINDOWS\system32\MSACM32.dll
0x76960000 0xb6000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll
0x77390000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x5d0a0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b3c0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x6bd00000 0xd000 0.01.0002.0002 C:\WINDOWS\system32\SYNCOR11.DLL
0x00c70000 0x1b000 12.10.1110.0000 C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll
0x71990000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x719f0000 0x17000 5.01.2600.5512 C:\WINDOWS\system32\WS2_32.dll
0x719e0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\WS2HELP.dll
0x71a10000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\wsock32.dll
0x74690000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x10000000 0x6000 C:\WINDOWS\system32\ikrh.dll
0x62e40000 0x59000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x77b50000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\appHelp.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x765b0000 0x56000 5.01.2600.5512 C:\WINDOWS\System32\cscui.dll
0x76590000 0x1d000 5.01.2600.5512 C:\WINDOWS\System32\CSCDLL.dll
0x5b950000 0x73000 6.00.2900.5512 C:\WINDOWS\System32\themeui.dll
0x76310000 0x5000 5.01.2600.5512 C:\WINDOWS\System32\MSIMG32.dll
0x01610000 0x2da000 5.01.2600.5512 C:\WINDOWS\system32\xpsp2res.dll
0x5ffb0000 0x33000 5.01.2600.5512 C:\WINDOWS\System32\msutb.dll
0x71b50000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\SAMLIB.dll
0x00f00000 0x18000 2.03.0000.0000 C:\WINDOWS\rapryl.dll
0x76720000 0x9000 6.00.2900.5512 C:\WINDOWS\system32\shfolder.dll
0x76920000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\LINKINFO.dll
0x76930000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ntshrui.dll
0x76ac0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x778e0000 0xf8000 5.01.2600.5512 C:\WINDOWS\system32\SETUPAPI.dll
0x40d30000 0xa94000 8.00.6001.18928 C:\WINDOWS\system32\ieframe.dll
0x76390000 0x1a9000 5.01.2600.5512 C:\WINDOWS\system32\NETSHELL.dll
0x76bb0000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\credui.dll
0x5b660000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\dot3api.dll
0x76e30000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\rtutils.dll
0x72640000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\dot3dlg.dll
0x73990000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\OneX.DLL
0x76f00000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\WTSAPI32.dll
0x762f0000 0x10000 5.01.2600.5512 C:\WINDOWS\system32\WINSTA.dll
0x6da60000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\eappcfg.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x200e0000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\eappprxy.dll
0x76d10000 0x19000 5.01.2600.5512 C:\WINDOWS\system32\iphlpapi.dll
0x024f0000 0x3d000 8.00.6001.18702 C:\WINDOWS\system32\webcheck.dll
0x75d30000 0x91000 6.00.2900.5512 C:\WINDOWS\system32\MLANG.dll
0x76540000 0x21000 5.01.2600.5512 C:\WINDOWS\System32\stobject.dll
0x74a60000 0xa000 6.00.2900.5512 C:\WINDOWS\System32\BatMeter.dll
0x74a40000 0x8000 6.00.2900.5512 C:\WINDOWS\System32\POWRPROF.dll
0x7d200000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll
0x72c70000 0x9000 5.01.2600.5512 C:\WINDOWS\system32\wdmaud.drv
0x72c60000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\msacm32.drv
0x77ba0000 0x7000 5.01.2600.5512 C:\WINDOWS\system32\midimap.dll
0x5f800000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll
0x78130000 0x9b000 8.00.50727.4053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
0x7c420000 0x87000 8.00.50727.4053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCP80.dll
0x71600000 0x13000 6.00.2900.5512 C:\WINDOWS\system32\browselc.dll
0x71a60000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\MPR.dll
0x75ef0000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\drprov.dll
0x71b70000 0xe000 5.01.2600.5512 C:\WINDOWS\System32\ntlanman.dll
0x71c30000 0x17000 5.01.2600.5512 C:\WINDOWS\System32\NETUI0.dll
0x71bf0000 0x40000 5.01.2600.5512 C:\WINDOWS\System32\NETUI1.dll
0x71be0000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\NETRAP.dll
0x75f00000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\davclnt.dll
0x77210000 0xb1000 5.01.2600.5512 C:\WINDOWS\system32\SXS.DLL
0x6c650000 0x4d000 5.01.2600.5512 C:\WINDOWS\system32\DUSER.dll
0x68000000 0x36000 5.01.2600.5507 C:\WINDOWS\system32\rsaenh.dll
0x03540000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x76340000 0x4a000 6.00.2900.5512 C:\WINDOWS\system32\comdlg32.dll
0x03500000 0x2e000 3.80.0000.0000 C:\Program Files\WinRAR\rarext.dll
0x6c330000 0x1d000 8.05.0000.0401 C:\Program Files\AVG\AVG8\avgse.dll
0x75900000 0xfa000 5.01.2600.5512 C:\WINDOWS\system32\MSGINA.dll
0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x1c000000 0x1d000 4.03.0018.0000 C:\Program Files\Ahead\InCD\incdshx.dll
0x4eb80000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x73a80000 0x15000 5.01.2600.5627 C:\WINDOWS\system32\mscms.dll
0x72f50000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\WINSPOOL.DRV
0x03810000 0x7000 10.00.0000.0831 c:\Program Files\Microsoft Money\System\urlmapps.dll
0x5ce00000 0x28000 6.00.2900.5512 C:\WINDOWS\System32\shmedia.dll
0x75ba0000 0x21000 5.01.2600.5512 C:\WINDOWS\System32\MSVFW32.dll
0x73aa0000 0x17000 5.01.2600.5908 C:\WINDOWS\System32\AVIFIL32.dll
0x7d790000 0x20c000 9.00.0000.4509 C:\WINDOWS\system32\wmvcore.dll
0x038c0000 0x4f000 9.00.0000.4503 C:\WINDOWS\system32\DRMClien.DLL
0x73600000 0x7000 6.05.2600.5512 C:\WINDOWS\system32\msdmo.dll
0x59d10000 0x3c000 9.00.0000.4503 C:\WINDOWS\system32\WMASF.DLL
0x4b410000 0x29000 9.00.0000.4503 C:\WINDOWS\system32\wmidx.dll
0x71ca0000 0x1b000 6.00.2900.5512 C:\WINDOWS\system32\actxprxy.dll
0x71800000 0x8e000 6.00.2900.5512 C:\WINDOWS\system32\shdoclc.dll
0x72380000 0x1a000 6.00.2900.5512 C:\WINDOWS\System32\mydocs.dll
No matching processes were found.
No matching processes were found.
No matching processes were found.
No matching processes were found.
No matching processes were found.
------------------------------------------------------------------------------
csrss.exe pid: 436
Command line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
Base Size Version Path
0x4a680000 0x5000 \??\C:\WINDOWS\system32\csrss.exe
0x7c910000 0xb9000 5.01.2600.5755 C:\WINDOWS\system32\ntdll.dll
0x75ad0000 0xb000 5.01.2600.5915 C:\WINDOWS\system32\CSRSRV.dll
0x75ae0000 0x10000 5.01.2600.5512 C:\WINDOWS\system32\basesrv.dll
0x75af0000 0x4b000 5.01.2600.5512 C:\WINDOWS\system32\winsrv.dll
0x77ef0000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll
0x7c800000 0x106000 5.01.2600.5781 C:\WINDOWS\system32\KERNEL32.dll
0x7e390000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x77210000 0xb1000 5.01.2600.5512 C:\WINDOWS\system32\sxs.dll
0x77da0000 0xac000 5.01.2600.5755 C:\WINDOWS\system32\ADVAPI32.dll
0x77e50000 0x92000 5.01.2600.5795 C:\WINDOWS\system32\RPCRT4.dll
0x77fc0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\Secur32.dll
0x77b50000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\Apphelp.dll
0x77bd0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
------------------------------------------------------------------------------
smss.exe pid: 372
Command line: \SystemRoot\System32\smss.exe
Base Size Version Path
0x48580000 0xf000 \SystemRoot\System32\smss.exe
0x7c910000 0xb9000 5.01.2600.5755 C:\WINDOWS\system32\ntdll.dll
------------------------------------------------------------------------------
winlogon.exe pid: 460
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe
0x7c910000 0xb9000 5.01.2600.5755 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x106000 5.01.2600.5781 C:\WINDOWS\system32\kernel32.dll
0x77da0000 0xac000 5.01.2600.5755 C:\WINDOWS\system32\ADVAPI32.dll
0x77e50000 0x92000 5.01.2600.5795 C:\WINDOWS\system32\RPCRT4.dll
0x77fc0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\Secur32.dll
0x77680000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\AUTHZ.dll
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x77a80000 0x12000 5.01.2600.5875 C:\WINDOWS\system32\MSASN1.dll
0x7e390000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x77ef0000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll
0x758d0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\NDdeApi.dll
0x758c0000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\PROFMAP.dll
0x6fee0000 0x55000 5.01.2600.5694 C:\WINDOWS\system32\NETAPI32.dll
0x76960000 0xb6000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll
0x76ba0000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\PSAPI.DLL
0x76b60000 0xf000 5.01.2600.5512 C:\WINDOWS\system32\REGAPI.dll
0x778e0000 0xf8000 5.01.2600.5512 C:\WINDOWS\system32\SETUPAPI.dll
0x77bd0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
0x762f0000 0x10000 5.01.2600.5512 C:\WINDOWS\system32\WINSTA.dll
0x76be0000 0x2e000 5.131.2600.5922 C:\WINDOWS\system32\WINTRUST.dll
0x76c40000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\IMAGEHLP.dll
0x719f0000 0x17000 5.01.2600.5512 C:\WINDOWS\system32\WS2_32.dll
0x719e0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\WS2HELP.dll
0x774a0000 0x13d000 5.01.2600.5512 C:\WINDOWS\system32\ole32.dll
0x77f40000 0x76000 6.00.2900.5912 C:\WINDOWS\system32\SHLWAPI.dll
0x404a0000 0xe6000 8.00.6001.18923 C:\WINDOWS\system32\WININET.dll
0x005b0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x45180000 0x133000 8.00.6001.18923 C:\WINDOWS\system32\urlmon.dll
0x770e0000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll
0x40b40000 0x1e8000 8.00.6001.18923 C:\WINDOWS\system32\iertutil.dll
0x77390000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x75900000 0xfa000 5.01.2600.5512 C:\WINDOWS\system32\MSGINA.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
0x76340000 0x4a000 6.00.2900.5512 C:\WINDOWS\system32\comdlg32.dll
0x7c9d0000 0x825000 6.00.2900.6018 C:\WINDOWS\system32\SHELL32.dll
0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x776a0000 0x24000 6.00.2900.5512 C:\WINDOWS\system32\SHSVCS.dll
0x76b50000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sfc.dll
0x76c10000 0x2a000 5.01.2600.5512 C:\WINDOWS\system32\sfc_os.dll
0x77b50000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\Apphelp.dll
0x72340000 0x1c000 5.01.2600.5512 C:\WINDOWS\system32\WINSCARD.DLL
0x76f00000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\WTSAPI32.dll
0x77210000 0xb1000 5.01.2600.5512 C:\WINDOWS\system32\sxs.dll
0x76ae0000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\WINMM.dll
0x5d0a0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b3c0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x6bd00000 0xd000 0.01.0002.0002 C:\WINDOWS\system32\SYNCOR11.DLL
0x5b090000 0x38000 6.00.2900.5512 C:\WINDOWS\system32\uxtheme.dll
0x6c1b0000 0x5000 8.05.0000.0401 C:\WINDOWS\system32\avgrsstx.dll
0x76590000 0x1d000 5.01.2600.5512 C:\WINDOWS\system32\cscdll.dll
0x46fc0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\dimsntfy.dll
0x758e0000 0x1b000 5.01.2600.5512 C:\WINDOWS\system32\WlNotify.dll
0x71a60000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\MPR.dll
0x72f50000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\WINSPOOL.DRV
0x68000000 0x36000 5.01.2600.5507 C:\WINDOWS\system32\rsaenh.dll
0x71b50000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\SAMLIB.dll
0x77c40000 0x25000 5.01.2600.5876 C:\WINDOWS\system32\msv1_0.dll
0x76730000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x76d10000 0x19000 5.01.2600.5512 C:\WINDOWS\system32\iphlpapi.dll
0x765b0000 0x56000 5.01.2600.5512 C:\WINDOWS\system32\cscui.dll
0x01670000 0x2da000 5.01.2600.5512 C:\WINDOWS\system32\xpsp2res.dll
0x77650000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\NTMARTA.DLL
0x76f10000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\WLDAP32.dll
0x72c70000 0x9000 5.01.2600.5512 C:\WINDOWS\system32\wdmaud.drv
0x72c60000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\msacm32.drv
0x77bb0000 0x15000 5.01.2600.5512 C:\WINDOWS\system32\MSACM32.dll
0x77ba0000 0x7000 5.01.2600.5512 C:\WINDOWS\system32\midimap.dll
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
-----------------------------------------------------------------------
0x75af0000 0x4b000 5.01.2600.5512 C:\WINDOWS\system32\winsrv.dll
0x77ef0000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll
0x7c800000 0x106000 5.01.2600.5781 C:\WINDOWS\system32\KERNEL32.dll
0x7e390000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x77210000 0xb1000 5.01.2600.5512 C:\WINDOWS\system32\sxs.dll
0x77da0000 0xac000 5.01.2600.5755 C:\WINDOWS\system32\ADVAPI32.dll
0x77e50000 0x92000 5.01.2600.5795 C:\WINDOWS\system32\RPCRT4.dll
0x77fc0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\Secur32.dll
0x77b50000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\Apphelp.dll
0x77bd0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
------------------------------------------------------------------------------
smss.exe pid: 372
Command line: \SystemRoot\System32\smss.exe
Base Size Version Path
0x48580000 0xf000 \SystemRoot\System32\smss.exe
0x7c910000 0xb9000 5.01.2600.5755 C:\WINDOWS\system32\ntdll.dll
------------------------------------------------------------------------------
winlogon.exe pid: 460
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe
0x7c910000 0xb9000 5.01.2600.5755 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x106000 5.01.2600.5781 C:\WINDOWS\system32\kernel32.dll
0x77da0000 0xac000 5.01.2600.5755 C:\WINDOWS\system32\ADVAPI32.dll
0x77e50000 0x92000 5.01.2600.5795 C:\WINDOWS\system32\RPCRT4.dll
0x77fc0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\Secur32.dll
0x77680000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\AUTHZ.dll
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x77a80000 0x12000 5.01.2600.5875 C:\WINDOWS\system32\MSASN1.dll
0x7e390000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x77ef0000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll
0x758d0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\NDdeApi.dll
0x758c0000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\PROFMAP.dll
0x6fee0000 0x55000 5.01.2600.5694 C:\WINDOWS\system32\NETAPI32.dll
0x76960000 0xb6000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll
0x76ba0000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\PSAPI.DLL
0x76b60000 0xf000 5.01.2600.5512 C:\WINDOWS\system32\REGAPI.dll
0x778e0000 0xf8000 5.01.2600.5512 C:\WINDOWS\system32\SETUPAPI.dll
0x77bd0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
0x762f0000 0x10000 5.01.2600.5512 C:\WINDOWS\system32\WINSTA.dll
0x76be0000 0x2e000 5.131.2600.5922 C:\WINDOWS\system32\WINTRUST.dll
0x76c40000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\IMAGEHLP.dll
0x719f0000 0x17000 5.01.2600.5512 C:\WINDOWS\system32\WS2_32.dll
0x719e0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\WS2HELP.dll
0x774a0000 0x13d000 5.01.2600.5512 C:\WINDOWS\system32\ole32.dll
0x77f40000 0x76000 6.00.2900.5912 C:\WINDOWS\system32\SHLWAPI.dll
0x404a0000 0xe6000 8.00.6001.18923 C:\WINDOWS\system32\WININET.dll
0x005b0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x45180000 0x133000 8.00.6001.18923 C:\WINDOWS\system32\urlmon.dll
0x770e0000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll
0x40b40000 0x1e8000 8.00.6001.18923 C:\WINDOWS\system32\iertutil.dll
0x77390000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x75900000 0xfa000 5.01.2600.5512 C:\WINDOWS\system32\MSGINA.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
0x76340000 0x4a000 6.00.2900.5512 C:\WINDOWS\system32\comdlg32.dll
0x7c9d0000 0x825000 6.00.2900.6018 C:\WINDOWS\system32\SHELL32.dll
0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x776a0000 0x24000 6.00.2900.5512 C:\WINDOWS\system32\SHSVCS.dll
0x76b50000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sfc.dll
0x76c10000 0x2a000 5.01.2600.5512 C:\WINDOWS\system32\sfc_os.dll
0x77b50000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\Apphelp.dll
0x72340000 0x1c000 5.01.2600.5512 C:\WINDOWS\system32\WINSCARD.DLL
0x76f00000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\WTSAPI32.dll
0x77210000 0xb1000 5.01.2600.5512 C:\WINDOWS\system32\sxs.dll
0x76ae0000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\WINMM.dll
0x5d0a0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b3c0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x6bd00000 0xd000 0.01.0002.0002 C:\WINDOWS\system32\SYNCOR11.DLL
0x5b090000 0x38000 6.00.2900.5512 C:\WINDOWS\system32\uxtheme.dll
0x6c1b0000 0x5000 8.05.0000.0401 C:\WINDOWS\system32\avgrsstx.dll
0x76590000 0x1d000 5.01.2600.5512 C:\WINDOWS\system32\cscdll.dll
0x46fc0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\dimsntfy.dll
0x758e0000 0x1b000 5.01.2600.5512 C:\WINDOWS\system32\WlNotify.dll
0x71a60000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\MPR.dll
0x72f50000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\WINSPOOL.DRV
0x68000000 0x36000 5.01.2600.5507 C:\WINDOWS\system32\rsaenh.dll
0x71b50000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\SAMLIB.dll
0x77c40000 0x25000 5.01.2600.5876 C:\WINDOWS\system32\msv1_0.dll
0x76730000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x76d10000 0x19000 5.01.2600.5512 C:\WINDOWS\system32\iphlpapi.dll
0x765b0000 0x56000 5.01.2600.5512 C:\WINDOWS\system32\cscui.dll
0x01670000 0x2da000 5.01.2600.5512 C:\WINDOWS\system32\xpsp2res.dll
0x77650000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\NTMARTA.DLL
0x76f10000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\WLDAP32.dll
0x72c70000 0x9000 5.01.2600.5512 C:\WINDOWS\system32\wdmaud.drv
0x72c60000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\msacm32.drv
0x77bb0000 0x15000 5.01.2600.5512 C:\WINDOWS\system32\MSACM32.dll
0x77ba0000 0x7000 5.01.2600.5512 C:\WINDOWS\system32\midimap.dll
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
-----------------------------------------------------------------------
------------------------------------------------------------------------------
svchost.exe pid: 672
Command line: C:\WINDOWS\system32\svchost -k DcomLaunch
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x7c910000 0xb9000 5.01.2600.5755 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x106000 5.01.2600.5781 C:\WINDOWS\system32\kernel32.dll
0x77da0000 0xac000 5.01.2600.5755 C:\WINDOWS\system32\ADVAPI32.dll
0x77e50000 0x92000 5.01.2600.5795 C:\WINDOWS\system32\RPCRT4.dll
0x77fc0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\Secur32.dll
0x5cea0000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x595b0000 0x1ca000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcGenral.DLL
0x7e390000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x77ef0000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll
0x76ae0000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\WINMM.dll
0x774a0000 0x13d000 5.01.2600.5512 C:\WINDOWS\system32\ole32.dll
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x770e0000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.5512 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x825000 6.00.2900.6018 C:\WINDOWS\system32\SHELL32.dll
0x77f40000 0x76000 6.00.2900.5912 C:\WINDOWS\system32\SHLWAPI.dll
0x76960000 0xb6000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll
0x5b090000 0x38000 6.00.2900.5512 C:\WINDOWS\system32\UxTheme.dll
0x5d0a0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b3c0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x6bd00000 0xd000 0.01.0002.0002 C:\WINDOWS\system32\SYNCOR11.DLL
0x77390000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x76c40000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\imagehlp.dll
0x404a0000 0xe6000 8.00.6001.18923 C:\WINDOWS\system32\WININET.dll
0x00760000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x45180000 0x133000 8.00.6001.18923 C:\WINDOWS\system32\urlmon.dll
0x40b40000 0x1e8000 8.00.6001.18923 C:\WINDOWS\system32\iertutil.dll
0x77650000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\NTMARTA.DLL
0x71b50000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\SAMLIB.dll
0x76f10000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\WLDAP32.dll
0x76870000 0x64000 5.01.2600.5755 c:\windows\system32\rpcss.dll
0x719f0000 0x17000 5.01.2600.5512 c:\windows\system32\WS2_32.dll
0x719e0000 0x8000 5.01.2600.5512 c:\windows\system32\WS2HELP.dll
0x00910000 0x2da000 5.01.2600.5512 C:\WINDOWS\system32\xpsp2res.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x77b50000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\Apphelp.dll
0x7d200000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll
0x766a0000 0x54000 5.01.2600.5512 c:\windows\system32\termsrv.dll
0x74ee0000 0x6000 5.01.2600.5512 c:\windows\system32\ICAAPI.dll
0x778e0000 0xf8000 5.01.2600.5512 c:\windows\system32\SETUPAPI.dll
0x76be0000 0x2e000 5.131.2600.5922 c:\windows\system32\WINTRUST.dll
0x779e0000 0x97000 5.131.2600.5512 c:\windows\system32\CRYPT32.dll
0x77a80000 0x12000 5.01.2600.5875 c:\windows\system32\MSASN1.dll
0x77680000 0x12000 5.01.2600.5512 c:\windows\system32\AUTHZ.dll
0x75080000 0x1f000 5.01.2600.5512 c:\windows\system32\mstlsapi.dll
0x77c90000 0x32000 5.01.2600.5512 c:\windows\system32\ACTIVEDS.dll
0x76dc0000 0x25000 5.01.2600.5512 c:\windows\system32\adsldpc.dll
0x6fee0000 0x55000 5.01.2600.5694 c:\windows\system32\NETAPI32.dll
0x76ac0000 0x11000 3.05.2284.0002 c:\windows\system32\ATL.DLL
0x76b60000 0xf000 5.01.2600.5512 C:\WINDOWS\system32\REGAPI.dll
0x68000000 0x36000 5.01.2600.5507 C:\WINDOWS\system32\rsaenh.dll
------------------------------------------------------------------------------
svchost.exe pid: 752
Command line: C:\WINDOWS\system32\svchost -k rpcss
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x7c910000 0xb9000 5.01.2600.5755 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x106000 5.01.2600.5781 C:\WINDOWS\system32\kernel32.dll
0x77da0000 0xac000 5.01.2600.5755 C:\WINDOWS\system32\ADVAPI32.dll
0x77e50000 0x92000 5.01.2600.5795 C:\WINDOWS\system32\RPCRT4.dll
0x77fc0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\Secur32.dll
0x5cea0000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x595b0000 0x1ca000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcGenral.DLL
0x7e390000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x77ef0000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll
0x76ae0000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\WINMM.dll
0x774a0000 0x13d000 5.01.2600.5512 C:\WINDOWS\system32\ole32.dll
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x770e0000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.5512 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x825000 6.00.2900.6018 C:\WINDOWS\system32\SHELL32.dll
0x77f40000 0x76000 6.00.2900.5912 C:\WINDOWS\system32\SHLWAPI.dll
0x76960000 0xb6000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll
0x5b090000 0x38000 6.00.2900.5512 C:\WINDOWS\system32\UxTheme.dll
0x5d0a0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b3c0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x6bd00000 0xd000 0.01.0002.0002 C:\WINDOWS\system32\SYNCOR11.DLL
0x77390000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x76c40000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\imagehlp.dll
0x404a0000 0xe6000 8.00.6001.18923 C:\WINDOWS\system32\WININET.dll
0x00760000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x45180000 0x133000 8.00.6001.18923 C:\WINDOWS\system32\urlmon.dll
0x40b40000 0x1e8000 8.00.6001.18923 C:\WINDOWS\system32\iertutil.dll
0x76870000 0x64000 5.01.2600.5755 c:\windows\system32\rpcss.dll
0x719f0000 0x17000 5.01.2600.5512 c:\windows\system32\WS2_32.dll
0x719e0000 0x8000 5.01.2600.5512 c:\windows\system32\WS2HELP.dll
0x00910000 0x2da000 5.01.2600.5512 C:\WINDOWS\system32\xpsp2res.dll
0x68000000 0x36000 5.01.2600.5507 C:\WINDOWS\system32\rsaenh.dll
0x71990000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x10000000 0x6000 C:\WINDOWS\system32\ikrh.dll
0x62e40000 0x59000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x76ed0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x76d10000 0x19000 5.01.2600.5512 C:\WINDOWS\system32\iphlpapi.dll
0x76f60000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\winrnr.dll
0x76f10000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\WLDAP32.dll
0x16080000 0x25000 1.00.0006.0002 C:\Program Files\Bonjour\mdnsNSP.dll
0x76f70000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\rasadhlp.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x7d200000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll
------------------------------------------------------------------------------
svchost.exe pid: 672
Command line: C:\WINDOWS\system32\svchost -k DcomLaunch
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x7c910000 0xb9000 5.01.2600.5755 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x106000 5.01.2600.5781 C:\WINDOWS\system32\kernel32.dll
0x77da0000 0xac000 5.01.2600.5755 C:\WINDOWS\system32\ADVAPI32.dll
0x77e50000 0x92000 5.01.2600.5795 C:\WINDOWS\system32\RPCRT4.dll
0x77fc0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\Secur32.dll
0x5cea0000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x595b0000 0x1ca000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcGenral.DLL
0x7e390000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x77ef0000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll
0x76ae0000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\WINMM.dll
0x774a0000 0x13d000 5.01.2600.5512 C:\WINDOWS\system32\ole32.dll
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x770e0000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.5512 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x825000 6.00.2900.6018 C:\WINDOWS\system32\SHELL32.dll
0x77f40000 0x76000 6.00.2900.5912 C:\WINDOWS\system32\SHLWAPI.dll
0x76960000 0xb6000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll
0x5b090000 0x38000 6.00.2900.5512 C:\WINDOWS\system32\UxTheme.dll
0x5d0a0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b3c0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x6bd00000 0xd000 0.01.0002.0002 C:\WINDOWS\system32\SYNCOR11.DLL
0x77390000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x76c40000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\imagehlp.dll
0x404a0000 0xe6000 8.00.6001.18923 C:\WINDOWS\system32\WININET.dll
0x00760000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x45180000 0x133000 8.00.6001.18923 C:\WINDOWS\system32\urlmon.dll
0x40b40000 0x1e8000 8.00.6001.18923 C:\WINDOWS\system32\iertutil.dll
0x77650000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\NTMARTA.DLL
0x71b50000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\SAMLIB.dll
0x76f10000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\WLDAP32.dll
0x76870000 0x64000 5.01.2600.5755 c:\windows\system32\rpcss.dll
0x719f0000 0x17000 5.01.2600.5512 c:\windows\system32\WS2_32.dll
0x719e0000 0x8000 5.01.2600.5512 c:\windows\system32\WS2HELP.dll
0x00910000 0x2da000 5.01.2600.5512 C:\WINDOWS\system32\xpsp2res.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x77b50000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\Apphelp.dll
0x7d200000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll
0x766a0000 0x54000 5.01.2600.5512 c:\windows\system32\termsrv.dll
0x74ee0000 0x6000 5.01.2600.5512 c:\windows\system32\ICAAPI.dll
0x778e0000 0xf8000 5.01.2600.5512 c:\windows\system32\SETUPAPI.dll
0x76be0000 0x2e000 5.131.2600.5922 c:\windows\system32\WINTRUST.dll
0x779e0000 0x97000 5.131.2600.5512 c:\windows\system32\CRYPT32.dll
0x77a80000 0x12000 5.01.2600.5875 c:\windows\system32\MSASN1.dll
0x77680000 0x12000 5.01.2600.5512 c:\windows\system32\AUTHZ.dll
0x75080000 0x1f000 5.01.2600.5512 c:\windows\system32\mstlsapi.dll
0x77c90000 0x32000 5.01.2600.5512 c:\windows\system32\ACTIVEDS.dll
0x76dc0000 0x25000 5.01.2600.5512 c:\windows\system32\adsldpc.dll
0x6fee0000 0x55000 5.01.2600.5694 c:\windows\system32\NETAPI32.dll
0x76ac0000 0x11000 3.05.2284.0002 c:\windows\system32\ATL.DLL
0x76b60000 0xf000 5.01.2600.5512 C:\WINDOWS\system32\REGAPI.dll
0x68000000 0x36000 5.01.2600.5507 C:\WINDOWS\system32\rsaenh.dll
------------------------------------------------------------------------------
svchost.exe pid: 752
Command line: C:\WINDOWS\system32\svchost -k rpcss
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x7c910000 0xb9000 5.01.2600.5755 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x106000 5.01.2600.5781 C:\WINDOWS\system32\kernel32.dll
0x77da0000 0xac000 5.01.2600.5755 C:\WINDOWS\system32\ADVAPI32.dll
0x77e50000 0x92000 5.01.2600.5795 C:\WINDOWS\system32\RPCRT4.dll
0x77fc0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\Secur32.dll
0x5cea0000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x595b0000 0x1ca000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcGenral.DLL
0x7e390000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x77ef0000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll
0x76ae0000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\WINMM.dll
0x774a0000 0x13d000 5.01.2600.5512 C:\WINDOWS\system32\ole32.dll
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x770e0000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.5512 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x825000 6.00.2900.6018 C:\WINDOWS\system32\SHELL32.dll
0x77f40000 0x76000 6.00.2900.5912 C:\WINDOWS\system32\SHLWAPI.dll
0x76960000 0xb6000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll
0x5b090000 0x38000 6.00.2900.5512 C:\WINDOWS\system32\UxTheme.dll
0x5d0a0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b3c0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x6bd00000 0xd000 0.01.0002.0002 C:\WINDOWS\system32\SYNCOR11.DLL
0x77390000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x76c40000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\imagehlp.dll
0x404a0000 0xe6000 8.00.6001.18923 C:\WINDOWS\system32\WININET.dll
0x00760000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x45180000 0x133000 8.00.6001.18923 C:\WINDOWS\system32\urlmon.dll
0x40b40000 0x1e8000 8.00.6001.18923 C:\WINDOWS\system32\iertutil.dll
0x76870000 0x64000 5.01.2600.5755 c:\windows\system32\rpcss.dll
0x719f0000 0x17000 5.01.2600.5512 c:\windows\system32\WS2_32.dll
0x719e0000 0x8000 5.01.2600.5512 c:\windows\system32\WS2HELP.dll
0x00910000 0x2da000 5.01.2600.5512 C:\WINDOWS\system32\xpsp2res.dll
0x68000000 0x36000 5.01.2600.5507 C:\WINDOWS\system32\rsaenh.dll
0x71990000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x10000000 0x6000 C:\WINDOWS\system32\ikrh.dll
0x62e40000 0x59000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x76ed0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x76d10000 0x19000 5.01.2600.5512 C:\WINDOWS\system32\iphlpapi.dll
0x76f60000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\winrnr.dll
0x76f10000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\WLDAP32.dll
0x16080000 0x25000 1.00.0006.0002 C:\Program Files\Bonjour\mdnsNSP.dll
0x76f70000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\rasadhlp.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x7d200000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll
------------------------------------------------------------------------------
svchost.exe pid: 836
Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\System32\svchost.exe
0x7c910000 0xb9000 5.01.2600.5755 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x106000 5.01.2600.5781 C:\WINDOWS\system32\kernel32.dll
0x77da0000 0xac000 5.01.2600.5755 C:\WINDOWS\system32\ADVAPI32.dll
0x77e50000 0x92000 5.01.2600.5795 C:\WINDOWS\system32\RPCRT4.dll
0x77fc0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\Secur32.dll
0x5cea0000 0x26000 5.01.2600.5512 C:\WINDOWS\System32\ShimEng.dll
0x595b0000 0x1ca000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcGenral.DLL
0x7e390000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x77ef0000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll
0x76ae0000 0x2f000 5.01.2600.5512 C:\WINDOWS\System32\WINMM.dll
0x774a0000 0x13d000 5.01.2600.5512 C:\WINDOWS\system32\ole32.dll
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x770e0000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.5512 C:\WINDOWS\System32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x825000 6.00.2900.6018 C:\WINDOWS\system32\SHELL32.dll
0x77f40000 0x76000 6.00.2900.5912 C:\WINDOWS\system32\SHLWAPI.dll
0x76960000 0xb6000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll
0x5b090000 0x38000 6.00.2900.5512 C:\WINDOWS\System32\UxTheme.dll
0x5d0a0000 0x7000 5.01.2600.0000 C:\WINDOWS\System32\serwvdrv.dll
0x5b3c0000 0x7000 5.01.2600.0000 C:\WINDOWS\System32\umdmxfrm.dll
0x6bd00000 0xd000 0.01.0002.0002 C:\WINDOWS\System32\SYNCOR11.DLL
0x77390000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x76c40000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\imagehlp.dll
0x404a0000 0xe6000 8.00.6001.18923 C:\WINDOWS\system32\WININET.dll
0x00760000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x45180000 0x133000 8.00.6001.18923 C:\WINDOWS\system32\urlmon.dll
0x40b40000 0x1e8000 8.00.6001.18923 C:\WINDOWS\system32\iertutil.dll
0x71990000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\mswsock.dll
0x719f0000 0x17000 5.01.2600.5512 C:\WINDOWS\System32\WS2_32.dll
0x719e0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\WS2HELP.dll
0x71a10000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\wsock32.dll
0x77650000 0x21000 5.01.2600.5512 C:\WINDOWS\System32\NTMARTA.DLL
0x71b50000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\SAMLIB.dll
0x76f10000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\WLDAP32.dll
0x00a00000 0x2da000 5.01.2600.5512 C:\WINDOWS\System32\xpsp2res.dll
0x776a0000 0x24000 6.00.2900.5512 c:\windows\system32\shsvcs.dll
0x762f0000 0x10000 5.01.2600.5512 C:\WINDOWS\System32\WINSTA.dll
0x6fee0000 0x55000 5.01.2600.5694 C:\WINDOWS\System32\NETAPI32.dll
0x68000000 0x36000 5.01.2600.5507 C:\WINDOWS\System32\rsaenh.dll
0x10000000 0x6000 C:\WINDOWS\system32\ikrh.dll
0x62e40000 0x59000 5.01.2600.5512 C:\WINDOWS\System32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x76ac0000 0x11000 3.05.2284.0002 C:\WINDOWS\System32\atl.dll
0x7d4d0000 0x22000 5.01.2600.5512 c:\windows\system32\dhcpcsvc.dll
0x76ed0000 0x27000 5.01.2600.5625 c:\windows\system32\DNSAPI.dll
0x76d10000 0x19000 5.01.2600.5512 c:\windows\system32\iphlpapi.dll
0x7db30000 0x8c000 5.01.2600.5512 c:\windows\system32\wzcsvc.dll
0x76e30000 0xe000 5.01.2600.5512 c:\windows\system32\rtutils.dll
0x76ce0000 0x4000 5.01.2600.5512 c:\windows\system32\WMI.dll
0x779e0000 0x97000 5.131.2600.5512 c:\windows\system32\CRYPT32.dll
0x77a80000 0x12000 5.01.2600.5875 c:\windows\system32\MSASN1.dll
0x71780000 0xb000 5.01.2600.5512 c:\windows\system32\EapolQec.dll
0x5bdf0000 0x16000 5.01.2600.5512 c:\windows\system32\QUtil.dll
0x76010000 0x65000 6.02.3104.0000 c:\windows\system32\MSVCP60.dll
0x5b660000 0xa000 5.01.2600.5512 c:\windows\system32\dot3api.dll
0x76f00000 0x8000 5.01.2600.5512 c:\windows\system32\WTSAPI32.dll
0x6f890000 0x111000 5.01.2600.5512 c:\windows\system32\ESENT.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\System32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\System32\COMRes.dll
0x7d500000 0x27000 5.01.2600.5886 C:\WINDOWS\System32\rastls.dll
0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\System32\CRYPTUI.dll
0x76be0000 0x2e000 5.131.2600.5922 C:\WINDOWS\System32\WINTRUST.dll
0x76cf0000 0x18000 5.01.2600.5512 C:\WINDOWS\System32\MPRAPI.dll
0x77c90000 0x32000 5.01.2600.5512 C:\WINDOWS\System32\ACTIVEDS.dll
0x76dc0000 0x25000 5.01.2600.5512 C:\WINDOWS\System32\adsldpc.dll
0x778e0000 0xf8000 5.01.2600.5512 C:\WINDOWS\System32\SETUPAPI.dll
0x76e90000 0x3c000 5.01.2600.5512 C:\WINDOWS\System32\RASAPI32.dll
0x76e40000 0x12000 5.01.2600.5512 C:\WINDOWS\System32\rasman.dll
0x76e60000 0x2f000 5.01.2600.5512 C:\WINDOWS\System32\TAPI32.dll
0x76790000 0x28000 5.01.2600.5834 C:\WINDOWS\System32\SCHANNEL.dll
0x72340000 0x1c000 5.01.2600.5512 C:\WINDOWS\System32\WinSCard.dll
0x76ba0000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\PSAPI.DLL
0x76c90000 0x16000 5.01.2600.5886 C:\WINDOWS\System32\raschap.dll
0x77c40000 0x25000 5.01.2600.5876 C:\WINDOWS\system32\msv1_0.dll
0x76730000 0xc000 5.01.2600.5512 C:\WINDOWS\System32\cryptdll.dll
0x76b10000 0x34000 5.01.2600.5512 c:\windows\system32\schedsvc.dll
0x76740000 0x13000 5.01.2600.5512 c:\windows\system32\NTDSAPI.dll
0x74ec0000 0x5000 6.00.2900.5512 C:\WINDOWS\System32\MSIDLE.DLL
0x70da0000 0xd000 5.01.2600.5512 c:\windows\system32\audiosrv.dll
0x772d0000 0x23000 5.01.2600.5826 c:\windows\system32\wkssvc.dll
0x76cc0000 0x12000 5.01.2600.5512 c:\windows\system32\cryptsvc.dll
0x752c0000 0x33000 5.01.2600.5512 c:\windows\system32\certcli.dll
0x74ef0000 0x9000 5.01.2600.5512 c:\windows\system32\ersvc.dll
0x776d0000 0x44000 2001.12.4414.0706 c:\windows\system32\es.dll
0x74eb0000 0xc000 5.01.2600.5512 c:\windows\pchealth\helpctr\binaries\pchsvc.dll
0x68d40000 0x9000 5.01.2600.5512 c:\windows\system32\hidserv.dll
0x68d50000 0x9000 5.01.2600.5512 c:\windows\system32\HID.DLL
0x75000000 0x1a000 5.01.2600.5512 c:\windows\system32\srvsvc.dll
0x77cd0000 0x33000 5.01.2600.5512 c:\windows\system32\netman.dll
0x76390000 0x1a9000 5.01.2600.5512 c:\windows\system32\netshell.dll
0x76bb0000 0x2f000 5.01.2600.5512 c:\windows\system32\credui.dll
0x72640000 0x6000 5.01.2600.5512 c:\windows\system32\dot3dlg.dll
0x73990000 0x28000 5.01.2600.5512 c:\windows\system32\OneX.DLL
0x6da60000 0x22000 5.01.2600.5512 c:\windows\system32\eappcfg.dll
0x200e0000 0xe000 5.01.2600.5512 c:\windows\system32\eappprxy.dll
0x72f80000 0x10000 5.01.2600.5512 c:\windows\system32\WZCSAPI.DLL
0x73c70000 0x8000 5.01.2600.5512 c:\windows\system32\seclogon.dll
0x72240000 0xd000 5.01.2600.5512 c:\windows\system32\sens.dll
0x77210000 0xb1000 5.01.2600.5512 C:\WINDOWS\System32\SXS.DLL
0x75110000 0x2e000 5.01.2600.5512 c:\windows\system32\srsvc.dll
0x74a40000 0x8000 6.00.2900.5512 c:\windows\system32\POWRPROF.dll
0x02460000 0x8000 c:\windows\system32\msippsth.dll
0x74fe0000 0x19000 5.01.2600.5512 c:\windows\system32\trkwks.dll
0x76760000 0x2d000 5.01.2600.5512 c:\windows\system32\w32time.dll
0x4f0b0000 0x28000 5.01.2600.5512 c:\windows\system32\wbem\wmisvc.dll
0x75350000 0x6d000 5.01.2600.5512 C:\WINDOWS\system32\VSSAPI.DLL
0x50000000 0x5000 5.04.3790.5512 c:\windows\system32\wuauserv.dll
0x50040000 0x1d9000 7.04.7600.0226 C:\WINDOWS\system32\wuaueng.dll
0x72f50000 0x26000 5.01.2600.5512 C:\WINDOWS\System32\WINSPOOL.DRV
0x4d5e0000 0x59000 5.01.2600.5868 C:\WINDOWS\System32\WINHTTP.dll
0x750c0000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\Cabinet.dll
0x60440000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\mspatcha.dll
0x76d90000 0x16000 5.01.2600.5512 c:\windows\system32\browser.dll
0x66890000 0x56000 5.01.2600.5512 c:\windows\system32\ipnathlp.dll
0x77680000 0x12000 5.01.2600.5512 c:\windows\system32\AUTHZ.dll
0x4c190000 0x17000 5.01.2600.5512 c:\windows\system32\wscsvc.dll
0x7d200000 0x2bc000 3.01.4001.5512 c:\windows\system32\msi.dll
0x75200000 0x37000 5.01.2600.5512 C:\WINDOWS\System32\wbem\wbemcomn.dll
0x76250000 0x85000 5.01.2600.5512 C:\WINDOWS\System32\Wbem\wbemcore.dll
0x75280000 0x3f000 5.01.2600.5512 C:\WINDOWS\System32\Wbem\esscli.dll
0x75610000 0x76000 5.01.2600.5755 C:\WINDOWS\System32\Wbem\FastProx.dll
0x76b50000 0x5000 5.01.2600.5512 C:\WINDOWS\System32\sfc.dll
0x76c10000 0x2a000 5.01.2600.5512 C:\WINDOWS\System32\sfc_os.dll
0x76080000 0x13c000 2001.12.4414.0702 C:\WINDOWS\system32\comsvcs.dll
0x750a0000 0x14000 2001.12.4414.0700 C:\WINDOWS\system32\colbact.DLL
0x75060000 0x13000 2001.12.4414.0706 C:\WINDOWS\system32\MTXCLU.DLL
0x76d50000 0x12000 5.01.2600.5512 C:\WINDOWS\System32\CLUSAPI.DLL
0x75020000 0x12000 5.01.2600.5512 C:\WINDOWS\System32\RESUTILS.DLL
0x76df0000 0x24000 5.01.2600.5512 C:\WINDOWS\System32\upnp.dll
0x74e70000 0xc000 5.01.2600.5512 C:\WINDOWS\System32\SSDPAPI.dll
0x74e40000 0xe000 5.01.2600.5512 C:\WINDOWS\System32\wbem\wbemsvc.dll
0x74f90000 0x1c000 5.01.2600.5512 C:\WINDOWS\System32\wbem\wmiutils.dll
0x75170000 0x2f000 5.01.2600.5512 C:\WINDOWS\System32\wbem\repdrvfs.dll
0x41d50000 0x72000 5.01.2600.5755 C:\WINDOWS\System32\wbem\wmiprvsd.dll
0x5fb00000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\NCObjAPI.DLL
0x75300000 0x46000 5.01.2600.5512 C:\WINDOWS\System32\wbem\wbemess.dll
0x77b50000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\Apphelp.dll
0x5fad0000 0xe000 5.01.2600.5512 C:\WINDOWS\System32\wbem\ncprov.dll
0x7def0000 0x32000 5.01.2600.5512 C:\WINDOWS\System32\rasmans.dll
0x742d0000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\WINIPSEC.DLL
0x75570000 0x9d000 5.01.2600.5512 C:\WINDOWS\System32\netcfgx.dll
0x73330000 0x40000 5.01.2600.5512 c:\windows\system32\tapisrv.dll
0x75880000 0x11000 5.01.2600.5512 C:\WINDOWS\System32\rastapi.dll
0x57f70000 0x36000 5.01.2600.5512 C:\WINDOWS\System32\unimdm.tsp
0x71f70000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\uniplat.dll
0x76f70000 0x6000 5.01.2600.5512 C:\WINDOWS\System32\rasadhlp.dll
0x5b390000 0x16000 5.01.2600.5512 C:\WINDOWS\System32\unimdmat.dll
0x61a20000 0x29000 5.01.2600.5512 C:\WINDOWS\system32\modemui.dll
0x57ff0000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\kmddsp.tsp
0x57fd0000 0x10000 5.01.2600.5512 C:\WINDOWS\System32\ndptsp.tsp
0x58000000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\ipconf.tsp
0x58020000 0x46000 5.01.2600.5512 C:\WINDOWS\System32\h323.tsp
0x58010000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\hidphone.tsp
0x721b0000 0x37000 5.01.2600.5512 C:\WINDOWS\System32\rasppp.dll
0x72400000 0x6000 5.01.2600.5512 C:\WINDOWS\System32\ntlsapi.dll
0x71c50000 0x4c000 5.01.2600.5834 C:\WINDOWS\system32\kerberos.dll
0x74550000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\RASQEC.DLL
0x754c0000 0xaa000 5.01.2600.5512 C:\WINDOWS\System32\RASDLG.dll
0x72220000 0x5000 5.01.2600.5512 C:\WINDOWS\System32\sensapi.dll
0x16080000 0x25000 1.00.0006.0002 C:\Program Files\Bonjour\mdnsNSP.dll
0x76f60000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\winrnr.dll
0x65000000 0x2e000 8.00.6001.18702 C:\WINDOWS\system32\advpack.dll
0x40d30000 0xa94000 8.00.6001.18928 C:\WINDOWS\system32\ieframe.dll
0x3fae0000 0x5b0000 8.00.6001.18928 C:\WINDOWS\system32\mshtml.dll
0x03500000 0x29000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll
0x75d30000 0x91000 6.00.2900.5512 C:\WINDOWS\System32\MLANG.dll
0x403e0000 0xb4000 5.08.6001.22960 C:\WINDOWS\System32\jscript.dll
0x1b000000 0xc000 8.00.6001.18702 C:\WINDOWS\System32\ImgUtil.dll
0x76320000 0x1d000 5.01.2600.5512 C:\WINDOWS\System32\IMM32.DLL
0x50f00000 0xd000 7.04.7600.0226 C:\WINDOWS\system32\wups2.dll
0x71ca0000 0x1b000 6.00.2900.5512 C:\WINDOWS\system32\actxprxy.dll
------------------------------------------------------------------------------
svchost.exe pid: 1064
Command line: C:\WINDOWS\System32\svchost.exe -k NetworkService
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\System32\svchost.exe
0x7c910000 0xb9000 5.01.2600.5755 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x106000 5.01.2600.5781 C:\WINDOWS\system32\kernel32.dll
0x77da0000 0xac000 5.01.2600.5755 C:\WINDOWS\system32\ADVAPI32.dll
0x77e50000 0x92000 5.01.2600.5795 C:\WINDOWS\system32\RPCRT4.dll
0x77fc0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\Secur32.dll
0x5cea0000 0x26000 5.01.2600.5512 C:\WINDOWS\System32\ShimEng.dll
0x595b0000 0x1ca000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcGenral.DLL
0x7e390000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x77ef0000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll
0x76ae0000 0x2f000 5.01.2600.5512 C:\WINDOWS\System32\WINMM.dll
0x774a0000 0x13d000 5.01.2600.5512 C:\WINDOWS\system32\ole32.dll
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x770e0000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.5512 C:\WINDOWS\System32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x825000 6.00.2900.6018 C:\WINDOWS\system32\SHELL32.dll
0x77f40000 0x76000 6.00.2900.5912 C:\WINDOWS\system32\SHLWAPI.dll
0x76960000 0xb6000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll
0x5b090000 0x38000 6.00.2900.5512 C:\WINDOWS\System32\UxTheme.dll
0x5d0a0000 0x7000 5.01.2600.0000 C:\WINDOWS\System32\serwvdrv.dll
0x5b3c0000 0x7000 5.01.2600.0000 C:\WINDOWS\System32\umdmxfrm.dll
0x6bd00000 0xd000 0.01.0002.0002 C:\WINDOWS\System32\SYNCOR11.DLL
0x77390000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x76c40000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\imagehlp.dll
0x404a0000 0xe6000 8.00.6001.18923 C:\WINDOWS\system32\WININET.dll
0x00760000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x45180000 0x133000 8.00.6001.18923 C:\WINDOWS\system32\urlmon.dll
0x40b40000 0x1e8000 8.00.6001.18923 C:\WINDOWS\system32\iertutil.dll
0x76710000 0xd000 5.01.2600.5512 c:\windows\system32\dnsrslvr.dll
0x76ed0000 0x27000 5.01.2600.5625 c:\windows\system32\DNSAPI.dll
0x719f0000 0x17000 5.01.2600.5512 c:\windows\system32\WS2_32.dll
0x719e0000 0x8000 5.01.2600.5512 c:\windows\system32\WS2HELP.dll
0x76d10000 0x19000 5.01.2600.5512 c:\windows\system32\iphlpapi.dll
------------------------------------------------------------------
svchost.exe pid: 1120
Command line: C:\WINDOWS\System32\svchost.exe -k LocalService
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\System32\svchost.exe
0x7c910000 0xb9000 5.01.2600.5755 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x106000 5.01.2600.5781 C:\WINDOWS\system32\kernel32.dll
0x77da0000 0xac000 5.01.2600.5755 C:\WINDOWS\system32\ADVAPI32.dll
0x77e50000 0x92000 5.01.2600.5795 C:\WINDOWS\system32\RPCRT4.dll
0x77fc0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\Secur32.dll
0x5cea0000 0x26000 5.01.2600.5512 C:\WINDOWS\System32\ShimEng.dll
0x595b0000 0x1ca000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcGenral.DLL
0x7e390000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x77ef0000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll
0x76ae0000 0x2f000 5.01.2600.5512 C:\WINDOWS\System32\WINMM.dll
0x774a0000 0x13d000 5.01.2600.5512 C:\WINDOWS\system32\ole32.dll
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x770e0000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.5512 C:\WINDOWS\System32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x825000 6.00.2900.6018 C:\WINDOWS\system32\SHELL32.dll
0x77f40000 0x76000 6.00.2900.5912 C:\WINDOWS\system32\SHLWAPI.dll
0x76960000 0xb6000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll
0x5b090000 0x38000 6.00.2900.5512 C:\WINDOWS\System32\UxTheme.dll
0x5d0a0000 0x7000 5.01.2600.0000 C:\WINDOWS\System32\serwvdrv.dll
0x5b3c0000 0x7000 5.01.2600.0000 C:\WINDOWS\System32\umdmxfrm.dll
0x6bd00000 0xd000 0.01.0002.0002 C:\WINDOWS\System32\SYNCOR11.DLL
0x77390000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x76c40000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\imagehlp.dll
0x404a0000 0xe6000 8.00.6001.18923 C:\WINDOWS\system32\WININET.dll
0x00760000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x45180000 0x133000 8.00.6001.18923 C:\WINDOWS\system32\urlmon.dll
0x40b40000 0x1e8000 8.00.6001.18923 C:\WINDOWS\system32\iertutil.dll
0x77650000 0x21000 5.01.2600.5512 C:\WINDOWS\System32\NTMARTA.DLL
0x71b50000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\SAMLIB.dll
0x76f10000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\WLDAP32.dll
0x008d0000 0x2da000 5.01.2600.5512 C:\WINDOWS\System32\xpsp2res.dll
0x74bb0000 0x6000 5.01.2600.5512 c:\windows\system32\lmhsvc.dll
0x76d10000 0x19000 5.01.2600.5512 c:\windows\system32\iphlpapi.dll
0x719f0000 0x17000 5.01.2600.5512 c:\windows\system32\WS2_32.dll
0x719e0000 0x8000 5.01.2600.5512 c:\windows\system32\WS2HELP.dll
0x76840000 0x14000 5.01.2600.5512 c:\windows\system32\ssdpsrv.dll
0x62e40000 0x59000 5.01.2600.5512 C:\WINDOWS\System32\hnetcfg.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\System32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\System32\COMRes.dll
0x10000000 0x6000 C:\WINDOWS\system32\ikrh.dll
0x71990000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x719d0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
0x68d40000 0x9000 5.01.2600.5512 c:\windows\system32\hidserv.dll
0x68d50000 0x9000 5.01.2600.5512 c:\windows\system32\HID.DLL
0x75000000 0x1a000 5.01.2600.5512 c:\windows\system32\srvsvc.dll
0x77cd0000 0x33000 5.01.2600.5512 c:\windows\system32\netman.dll
0x76390000 0x1a9000 5.01.2600.5512 c:\windows\system32\netshell.dll
0x76bb0000 0x2f000 5.01.2600.5512 c:\windows\system32\credui.dll
0x72640000 0x6000 5.01.2600.5512 c:\windows\system32\dot3dlg.dll
0x73990000 0x28000 5.01.2600.5512 c:\windows\system32\OneX.DLL
0x6da60000 0x22000 5.01.2600.5512 c:\windows\system32\eappcfg.dll
0x200e0000 0xe000 5.01.2600.5512 c:\windows\system32\eappprxy.dll
0x72f80000 0x10000 5.01.2600.5512 c:\windows\system32\WZCSAPI.DLL
0x73c70000 0x8000 5.01.2600.5512 c:\windows\system32\seclogon.dll
0x72240000 0xd000 5.01.2600.5512 c:\windows\system32\sens.dll
0x77210000 0xb1000 5.01.2600.5512 C:\WINDOWS\System32\SXS.DLL
0x75110000 0x2e000 5.01.2600.5512 c:\windows\system32\srsvc.dll
0x74a40000 0x8000 6.00.2900.5512 c:\windows\system32\POWRPROF.dll
0x02460000 0x8000 c:\windows\system32\msippsth.dll
0x74fe0000 0x19000 5.01.2600.5512 c:\windows\system32\trkwks.dll
0x76760000 0x2d000 5.01.2600.5512 c:\windows\system32\w32time.dll
0x4f0b0000 0x28000 5.01.2600.5512 c:\windows\system32\wbem\wmisvc.dll
0x75350000 0x6d000 5.01.2600.5512 C:\WINDOWS\system32\VSSAPI.DLL
0x50000000 0x5000 5.04.3790.5512 c:\windows\system32\wuauserv.dll
0x50040000 0x1d9000 7.04.7600.0226 C:\WINDOWS\system32\wuaueng.dll
0x72f50000 0x26000 5.01.2600.5512 C:\WINDOWS\System32\WINSPOOL.DRV
0x4d5e0000 0x59000 5.01.2600.5868 C:\WINDOWS\System32\WINHTTP.dll
0x750c0000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\Cabinet.dll
0x60440000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\mspatcha.dll
0x76d90000 0x16000 5.01.2600.5512 c:\windows\system32\browser.dll
0x66890000 0x56000 5.01.2600.5512 c:\windows\system32\ipnathlp.dll
0x77680000 0x12000 5.01.2600.5512 c:\windows\system32\AUTHZ.dll
0x4c190000 0x17000 5.01.2600.5512 c:\windows\system32\wscsvc.dll
0x7d200000 0x2bc000 3.01.4001.5512 c:\windows\system32\msi.dll
0x75200000 0x37000 5.01.2600.5512 C:\WINDOWS\System32\wbem\wbemcomn.dll
0x76250000 0x85000 5.01.2600.5512 C:\WINDOWS\System32\Wbem\wbemcore.dll
0x75280000 0x3f000 5.01.2600.5512 C:\WINDOWS\System32\Wbem\esscli.dll
0x75610000 0x76000 5.01.2600.5755 C:\WINDOWS\System32\Wbem\FastProx.dll
0x76b50000 0x5000 5.01.2600.5512 C:\WINDOWS\System32\sfc.dll
0x76c10000 0x2a000 5.01.2600.5512 C:\WINDOWS\System32\sfc_os.dll
0x76080000 0x13c000 2001.12.4414.0702 C:\WINDOWS\system32\comsvcs.dll
0x750a0000 0x14000 2001.12.4414.0700 C:\WINDOWS\system32\colbact.DLL
0x75060000 0x13000 2001.12.4414.0706 C:\WINDOWS\system32\MTXCLU.DLL
0x76d50000 0x12000 5.01.2600.5512 C:\WINDOWS\System32\CLUSAPI.DLL
0x75020000 0x12000 5.01.2600.5512 C:\WINDOWS\System32\RESUTILS.DLL
0x76df0000 0x24000 5.01.2600.5512 C:\WINDOWS\System32\upnp.dll
0x74e70000 0xc000 5.01.2600.5512 C:\WINDOWS\System32\SSDPAPI.dll
0x74e40000 0xe000 5.01.2600.5512 C:\WINDOWS\System32\wbem\wbemsvc.dll
0x74f90000 0x1c000 5.01.2600.5512 C:\WINDOWS\System32\wbem\wmiutils.dll
0x75170000 0x2f000 5.01.2600.5512 C:\WINDOWS\System32\wbem\repdrvfs.dll
0x41d50000 0x72000 5.01.2600.5755 C:\WINDOWS\System32\wbem\wmiprvsd.dll
0x5fb00000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\NCObjAPI.DLL
0x75300000 0x46000 5.01.2600.5512 C:\WINDOWS\System32\wbem\wbemess.dll
0x77b50000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\Apphelp.dll
0x5fad0000 0xe000 5.01.2600.5512 C:\WINDOWS\System32\wbem\ncprov.dll
0x7def0000 0x32000 5.01.2600.5512 C:\WINDOWS\System32\rasmans.dll
0x742d0000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\WINIPSEC.DLL
0x75570000 0x9d000 5.01.2600.5512 C:\WINDOWS\System32\netcfgx.dll
0x73330000 0x40000 5.01.2600.5512 c:\windows\system32\tapisrv.dll
0x75880000 0x11000 5.01.2600.5512 C:\WINDOWS\System32\rastapi.dll
0x57f70000 0x36000 5.01.2600.5512 C:\WINDOWS\System32\unimdm.tsp
0x71f70000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\uniplat.dll
0x76f70000 0x6000 5.01.2600.5512 C:\WINDOWS\System32\rasadhlp.dll
0x5b390000 0x16000 5.01.2600.5512 C:\WINDOWS\System32\unimdmat.dll
0x61a20000 0x29000 5.01.2600.5512 C:\WINDOWS\system32\modemui.dll
0x57ff0000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\kmddsp.tsp
0x57fd0000 0x10000 5.01.2600.5512 C:\WINDOWS\System32\ndptsp.tsp
0x58000000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\ipconf.tsp
0x58020000 0x46000 5.01.2600.5512 C:\WINDOWS\System32\h323.tsp
0x58010000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\hidphone.tsp
0x721b0000 0x37000 5.01.2600.5512 C:\WINDOWS\System32\rasppp.dll
0x72400000 0x6000 5.01.2600.5512 C:\WINDOWS\System32\ntlsapi.dll
0x71c50000 0x4c000 5.01.2600.5834 C:\WINDOWS\system32\kerberos.dll
0x74550000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\RASQEC.DLL
0x754c0000 0xaa000 5.01.2600.5512 C:\WINDOWS\System32\RASDLG.dll
0x72220000 0x5000 5.01.2600.5512 C:\WINDOWS\System32\sensapi.dll
0x16080000 0x25000 1.00.0006.0002 C:\Program Files\Bonjour\mdnsNSP.dll
0x76f60000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\winrnr.dll
0x65000000 0x2e000 8.00.6001.18702 C:\WINDOWS\system32\advpack.dll
0x40d30000 0xa94000 8.00.6001.18928 C:\WINDOWS\system32\ieframe.dll
0x3fae0000 0x5b0000 8.00.6001.18928 C:\WINDOWS\system32\mshtml.dll
0x03500000 0x29000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll
0x75d30000 0x91000 6.00.2900.5512 C:\WINDOWS\System32\MLANG.dll
0x403e0000 0xb4000 5.08.6001.22960 C:\WINDOWS\System32\jscript.dll
0x1b000000 0xc000 8.00.6001.18702 C:\WINDOWS\System32\ImgUtil.dll
0x76320000 0x1d000 5.01.2600.5512 C:\WINDOWS\System32\IMM32.DLL
0x50f00000 0xd000 7.04.7600.0226 C:\WINDOWS\system32\wups2.dll
0x71ca0000 0x1b000 6.00.2900.5512 C:\WINDOWS\system32\actxprxy.dll
----------------------------------------------------------------------------
svchost.exe pid: 1308
Command line: C:\WINDOWS\System32\svchost.exe -k LocalService
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\System32\svchost.exe
0x7c910000 0xb9000 5.01.2600.5755 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x106000 5.01.2600.5781 C:\WINDOWS\system32\kernel32.dll
0x77da0000 0xac000 5.01.2600.5755 C:\WINDOWS\system32\ADVAPI32.dll
0x77e50000 0x92000 5.01.2600.5795 C:\WINDOWS\system32\RPCRT4.dll
0x77fc0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\Secur32.dll
0x5cea0000 0x26000 5.01.2600.5512 C:\WINDOWS\System32\ShimEng.dll
0x595b0000 0x1ca000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcGenral.DLL
0x7e390000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x77ef0000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll
0x76ae0000 0x2f000 5.01.2600.5512 C:\WINDOWS\System32\WINMM.dll
0x774a0000 0x13d000 5.01.2600.5512 C:\WINDOWS\system32\ole32.dll
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x770e0000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.5512 C:\WINDOWS\System32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x825000 6.00.2900.6018 C:\WINDOWS\system32\SHELL32.dll
0x77f40000 0x76000 6.00.2900.5912 C:\WINDOWS\system32\SHLWAPI.dll
0x76960000 0xb6000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll
0x5b090000 0x38000 6.00.2900.5512 C:\WINDOWS\System32\UxTheme.dll
0x5d0a0000 0x7000 5.01.2600.0000 C:\WINDOWS\System32\serwvdrv.dll
0x5b3c0000 0x7000 5.01.2600.0000 C:\WINDOWS\System32\umdmxfrm.dll
0x6bd00000 0xd000 0.01.0002.0002 C:\WINDOWS\System32\SYNCOR11.DLL
0x77390000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x76c40000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\imagehlp.dll
0x404a0000 0xe6000 8.00.6001.18923 C:\WINDOWS\system32\WININET.dll
0x00760000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x45180000 0x133000 8.00.6001.18923 C:\WINDOWS\system32\urlmon.dll
0x40b40000 0x1e8000 8.00.6001.18923 C:\WINDOWS\system32\iertutil.dll
0x77650000 0x21000 5.01.2600.5512 C:\WINDOWS\System32\NTMARTA.DLL
0x71b50000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\SAMLIB.dll
0x76f10000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\WLDAP32.dll
0x008d0000 0x2da000 5.01.2600.5512 C:\WINDOWS\System32\xpsp2res.dll
0x5a9f0000 0x15000 5.01.2600.5512 c:\windows\system32\webclnt.dll
0x719f0000 0x17000 5.01.2600.5512 c:\windows\system32\WS2_32.dll
0x719e0000 0x8000 5.01.2600.5512 c:\windows\system32\WS2HELP.dll
------------------------------------------------------------------------------
svchost.exe pid: 2020
Command line: C:\WINDOWS\System32\svchost.exe -k imgsvc
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\System32\svchost.exe
0x7c910000 0xb9000 5.01.2600.5755 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x106000 5.01.2600.5781 C:\WINDOWS\system32\kernel32.dll
0x77da0000 0xac000 5.01.2600.5755 C:\WINDOWS\system32\ADVAPI32.dll
0x77e50000 0x92000 5.01.2600.5795 C:\WINDOWS\system32\RPCRT4.dll
0x77fc0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\Secur32.dll
0x5cea0000 0x26000 5.01.2600.5512 C:\WINDOWS\System32\ShimEng.dll
0x595b0000 0x1ca000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcGenral.DLL
0x7e390000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x77ef0000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll
0x76ae0000 0x2f000 5.01.2600.5512 C:\WINDOWS\System32\WINMM.dll
0x774a0000 0x13d000 5.01.2600.5512 C:\WINDOWS\system32\ole32.dll
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x770e0000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.5512 C:\WINDOWS\System32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x825000 6.00.2900.6018 C:\WINDOWS\system32\SHELL32.dll
0x77f40000 0x76000 6.00.2900.5912 C:\WINDOWS\system32\SHLWAPI.dll
0x76960000 0xb6000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll
0x5b090000 0x38000 6.00.2900.5512 C:\WINDOWS\System32\UxTheme.dll
0x5d0a0000 0x7000 5.01.2600.0000 C:\WINDOWS\System32\serwvdrv.dll
0x5b3c0000 0x7000 5.01.2600.0000 C:\WINDOWS\System32\umdmxfrm.dll
0x6bd00000 0xd000 0.01.0002.0002 C:\WINDOWS\System32\SYNCOR11.DLL
0x77390000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x76c40000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\imagehlp.dll
0x404a0000 0xe6000 8.00.6001.18923 C:\WINDOWS\system32\WININET.dll
0x00760000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x45180000 0x133000 8.00.6001.18923 C:\WINDOWS\system32\urlmon.dll
0x40b40000 0x1e8000 8.00.6001.18923 C:\WINDOWS\system32\iertutil.dll
0x75a00000 0x55000 5.01.2600.5512 c:\windows\system32\wiaservc.dll
0x74a50000 0x7000 5.01.2600.5512 c:\windows\system32\CFGMGR32.dll
0x778e0000 0xf8000 5.01.2600.5512 c:\windows\system32\setupapi.DLL
0x73a80000 0x15000 5.01.2600.5627 c:\windows\system32\mscms.dll
0x72f50000 0x26000 5.01.2600.5512 c:\windows\system32\WINSPOOL.DRV
0x762f0000 0x10000 5.01.2600.5512 c:\windows\system32\WINSTA.dll
0x6fee0000 0x55000 5.01.2600.5694 c:\windows\system32\NETAPI32.dll
0x00910000 0x2da000 5.01.2600.5512 C:\WINDOWS\System32\xpsp2res.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\System32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\System32\COMRes.dll
0x76be0000 0x2e000 5.131.2600.5922 C:\WINDOWS\System32\WINTRUST.dll
0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\System32\CRYPT32.dll
0x77a80000 0x12000 5.01.2600.5875 C:\WINDOWS\System32\MSASN1.dll
0x5a7b0000 0x26000 5.01.2600.0000 C:\WINDOWS\System32\wiavusd.dll
0x4eb80000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x76720000 0x9000 6.00.2900.5512 C:\WINDOWS\System32\SHFOLDER.dll
0x71ca0000 0x1b000 6.00.2900.5512 C:\WINDOWS\system32\actxprxy.dll
0x73af0000 0x14000 5.01.2600.5512 C:\WINDOWS\System32\sti.dll
------------------------------------------------------------------------------
rundll32.exe pid: 2852
Command line: "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\rapryl.dll",Startup
Base Size Version Path
0x01000000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\rundll32.exe
0x7c910000 0xb9000 5.01.2600.5755 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x106000 5.01.2600.5781 C:\WINDOWS\system32\kernel32.dll
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x77ef0000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll
0x7e390000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x76c40000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\IMAGEHLP.dll
0x5cea0000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x595b0000 0x1ca000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcGenral.DLL
0x77da0000 0xac000 5.01.2600.5755 C:\WINDOWS\system32\ADVAPI32.dll
0x77e50000 0x92000 5.01.2600.5795 C:\WINDOWS\system32\RPCRT4.dll
0x77fc0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\Secur32.dll
0x76ae0000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\WINMM.dll
0x774a0000 0x13d000 5.01.2600.5512 C:\WINDOWS\system32\ole32.dll
0x770e0000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.5512 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x825000 6.00.2900.6018 C:\WINDOWS\system32\SHELL32.dll
0x77f40000 0x76000 6.00.2900.5912 C:\WINDOWS\system32\SHLWAPI.dll
0x76960000 0xb6000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll
0x5b090000 0x38000 6.00.2900.5512 C:\WINDOWS\system32\UxTheme.dll
0x5d0a0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b3c0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x6bd00000 0xd000 0.01.0002.0002 C:\WINDOWS\system32\SYNCOR11.DLL
0x77390000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x404a0000 0xe6000 8.00.6001.18923 C:\WINDOWS\system32\WININET.dll
0x009e0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x45180000 0x133000 8.00.6001.18923 C:\WINDOWS\system32\urlmon.dll
0x40b40000 0x1e8000 8.00.6001.18923 C:\WINDOWS\system32\iertutil.dll
0x10000000 0x18000 2.03.0000.0000 C:\WINDOWS\rapryl.dll
0x76720000 0x9000 6.00.2900.5512 C:\WINDOWS\system32\shfolder.dll
0x74690000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x77650000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\NTMARTA.DLL
0x71b50000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\SAMLIB.dll
0x76f10000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\WLDAP32.dll
0x77b50000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\Apphelp.dll
------------------------------------------------------------------------------
rundll32.exe pid: 1180
Command line: rundll32.exe "C:\WINDOWS\rapryl.dll",iep
Base Size Version Path
0x01000000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\rundll32.exe
0x7c910000 0xb9000 5.01.2600.5755 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x106000 5.01.2600.5781 C:\WINDOWS\system32\kernel32.dll
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x77ef0000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll
0x7e390000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x76c40000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\IMAGEHLP.dll
0x5cea0000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x595b0000 0x1ca000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcGenral.DLL
0x77da0000 0xac000 5.01.2600.5755 C:\WINDOWS\system32\ADVAPI32.dll
0x77e50000 0x92000 5.01.2600.5795 C:\WINDOWS\system32\RPCRT4.dll
0x77fc0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\Secur32.dll
0x76ae0000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\WINMM.dll
0x774a0000 0x13d000 5.01.2600.5512 C:\WINDOWS\system32\ole32.dll
0x770e0000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.5512 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x825000 6.00.2900.6018 C:\WINDOWS\system32\SHELL32.dll
0x77f40000 0x76000 6.00.2900.5912 C:\WINDOWS\system32\SHLWAPI.dll
0x76960000 0xb6000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll
0x5b090000 0x38000 6.00.2900.5512 C:\WINDOWS\system32\UxTheme.dll
0x5d0a0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b3c0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x6bd00000 0xd000 0.01.0002.0002 C:\WINDOWS\system32\SYNCOR11.DLL
0x77390000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x404a0000 0xe6000 8.00.6001.18923 C:\WINDOWS\system32\WININET.dll
0x009e0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x45180000 0x133000 8.00.6001.18923 C:\WINDOWS\system32\urlmon.dll
0x40b40000 0x1e8000 8.00.6001.18923 C:\WINDOWS\system32\iertutil.dll
0x10000000 0x18000 2.03.0000.0000 C:\WINDOWS\rapryl.dll
0x76720000 0x9000 6.00.2900.5512 C:\WINDOWS\system32\shfolder.dll
0x74690000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x77650000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\NTMARTA.DLL
0x71b50000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\SAMLIB.dll
0x76f10000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\WLDAP32.dll
0x76d10000 0x19000 5.01.2600.5512 C:\WINDOWS\system32\Iphlpapi.dll
0x719f0000 0x17000 5.01.2600.5512 C:\WINDOWS\system32\WS2_32.dll
0x719e0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\WS2HELP.dll
0x00de0000 0x6000 C:\WINDOWS\system32\ikrh.dll
0x71990000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x62e40000 0x59000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x76e90000 0x3c000 5.01.2600.5512 C:\WINDOWS\system32\RASAPI32.dll
0x76e40000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\rasman.dll
0x6fee0000 0x55000 5.01.2600.5694 C:\WINDOWS\system32\NETAPI32.dll
0x76e60000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\TAPI32.dll
0x76e30000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\rtutils.dll
0x77c40000 0x25000 5.01.2600.5876 C:\WINDOWS\system32\msv1_0.dll
0x76730000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x72220000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sensapi.dll
0x76f70000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\rasadhlp.dll
0x76ed0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x16080000 0x25000 1.00.0006.0002 C:\Program Files\Bonjour\mdnsNSP.dll
=====
Ports
=====
Pid Process Port Proto Path
752 -> 135 TCP
1356 AppleMobileDeviceService-> 27015 TCP C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1376 AskService -> 49152 TCP C:\Program Files\AskBarDis\bar\bin\AskService.exe
4 System -> 445 TCP
1660 avgemc -> 10110 TCP C:\PROGRA~1\AVG\AVG8\avgemc.exe
2108 avgnsx -> 10080 TCP C:\PROGRA~1\AVG\AVG8\avgnsx.exe
2108 avgnsx -> 13128 TCP C:\PROGRA~1\AVG\AVG8\avgnsx.exe
2108 avgnsx -> 18080 TCP C:\PROGRA~1\AVG\AVG8\avgnsx.exe
396 iTunesHelper -> 1028 TCP C:\Program Files\iTunes\iTunesHelper.exe
1764 jqs -> 5152 TCP C:\Program Files\Java\jre6\bin\jqs.exe
1696 mDNSResponder -> 5354 TCP C:\Program Files\Bonjour\mDNSResponder.exe
836 svchost -> 80 TCP C:\WINDOWS\System32\svchost.exe
752 -> 500 UDP
1356 AppleMobileDeviceService-> 5353 UDP C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
4 System -> 1026 UDP
1660 avgemc -> 1043 UDP C:\PROGRA~1\AVG\AVG8\avgemc.exe
2108 avgnsx -> 1044 UDP C:\PROGRA~1\AVG\AVG8\avgnsx.exe
2108 avgnsx -> 123 UDP C:\PROGRA~1\AVG\AVG8\avgnsx.exe
2108 avgnsx -> 1900 UDP C:\PROGRA~1\AVG\AVG8\avgnsx.exe
396 iTunesHelper -> 4500 UDP C:\Program Files\iTunes\iTunesHelper.exe
1764 jqs -> 9000 UDP C:\Program Files\Java\jre6\bin\jqs.exe
1696 mDNSResponder -> 9001 UDP C:\Program Files\Bonjour\mDNSResponder.exe
836 svchost -> 445 UDP C:\WINDOWS\System32\svchost.exe
=============
Boot Execute
=============
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Utilitaire de vérification automatique
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\autochk.exe
b16ccbf66bf41f994d2810cc2299d9d6 (MD5)
1ca550976a0a04527ba38312ffc87b0e083e5f31 (SHA-1)
72a10210863995896fdd1725f072967961ffd41926c099634ff3bc99bbd65b4f (SHA-256)
===================
LSA Security Providers
===================
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
msapsspc.dll
msapsspc.dll
Client DPA pour plate-forme 32 bit
Microsoft Corporation
6.00.0000.7755
c:\windows\system32\msapsspc.dll
9b5b153f4d0d5cb14d9865435182bd70 (MD5)
81f2fa4984c6dd3b9bca38d5c348343062d90815 (SHA-1)
5dbbbb5c1e4b0ffe1fedb6bcacc6693c835948deec967f5e412329a02b799d5f (SHA-256)
schannel.dll
schannel.dll
TLS / SSL Security Provider
Microsoft Corporation
5.01.2600.5834
c:\windows\system32\schannel.dll
9cf0952cd985b1d7871f22415d3130d0 (MD5)
053b76fb8881c9066dffe89378e63c53aa074049 (SHA-1)
e87a1e3726a9d3d316a5f108e1f6ca94400fed457c6f8978937f1e9874ef2c6b (SHA-256)
digest.dll
digest.dll
Package d'authentification Digest SSPI
Microsoft Corporation
6.00.2900.5512
c:\windows\system32\digest.dll
6cc5c1dac782a63bbc18afc1a23acb68 (MD5)
a71acf37920ee69a9b6ad859c9bcd713826cf598 (SHA-1)
31a5cabdbd646bb97d75118c738229d440020a99301d3a0552210630ad8bb431 (SHA-256)
msnsspc.dll
msnsspc.dll
Accès MSN Internet
Microsoft Corporation
6.01.1825.0000
c:\windows\system32\msnsspc.dll
25f3fbfb7cbc160674b1ac246fd13dc0 (MD5)
223431b21e851cd14c1cf0ab1fbec16d1aa86518 (SHA-1)
ffaa55260dd1c2989508910b0470997ef9c868eb578f4a2b10e187de59fe35e7 (SHA-256)
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
msv1_0
msv1_0
Microsoft Authentication Package v1.0
Microsoft Corporation
5.01.2600.5876
c:\windows\system32\msv1_0.dll
2921bbeab3eb2a09e7cbc7cae2a18110 (MD5)
c049c6d3536f7168824270ddc72f6e201bcf03eb (SHA-1)
ed20c345ba0fd88ff5f30247d8c61484a8f36196da644ba7f1f27b3c0270d3c4 (SHA-256)
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
kerberos
kerberos
Kerberos Security Package
Microsoft Corporation
5.01.2600.5834
c:\windows\system32\kerberos.dll
14e7cfebe8a6241a288182f13b3e33a9 (MD5)
7b52bdf770244bca686f56b87856c9677bfb90b9 (SHA-1)
1bb7db40d13047b39a97f19b8e7f9beaa1a883bb293201f15f5accdb6b5bbcd4 (SHA-256)
msv1_0
msv1_0
Microsoft Authentication Package v1.0
Microsoft Corporation
5.01.2600.5876
c:\windows\system32\msv1_0.dll
2921bbeab3eb2a09e7cbc7cae2a18110 (MD5)
c049c6d3536f7168824270ddc72f6e201bcf03eb (SHA-1)
ed20c345ba0fd88ff5f30247d8c61484a8f36196da644ba7f1f27b3c0270d3c4 (SHA-256)
schannel
schannel
TLS / SSL Security Provider
Microsoft Corporation
5.01.2600.5834
c:\windows\system32\schannel.dll
9cf0952cd985b1d7871f22415d3130d0 (MD5)
053b76fb8881c9066dffe89378e63c53aa074049 (SHA-1)
e87a1e3726a9d3d316a5f108e1f6ca94400fed457c6f8978937f1e9874ef2c6b (SHA-256)
wdigest
wdigest
Microsoft Digest Access
Microsoft Corporation
5.01.2600.5834
c:\windows\system32\wdigest.dll
a3d1365c368971fa7d1cbb35d88a2f46 (MD5)
77f95987bc18db143675daa80449ecf1b1f4c81e (SHA-1)
bdef87760e7ed74a913a2365213f5288eac39197a29dec813e15b0e2823cbf51 (SHA-256)
===============
Scheduled tasks
===============
Task Scheduler
AppleSoftwareUpdate.job
C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
Apple Software Update
Apple Inc.
2.01.0001.0116
c:\program files\apple software update\softwareupdate.exe
7b43567b4c32ad7aded537cd3b1342b9 (MD5)
8322f1c2c355d88432f1f03a1f231f63912186bd (SHA-1)
050bbeb6b9aa404261b20989325c68433708367aaaed4e1dff3d24ae29a52d2a (SHA-256)
MP Scheduled Scan.job
C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges
Windows Defender Command Line Utility
Microsoft Corporation
1.01.1593.0000
c:\program files\windows defender\mpcmdrun.exe
08ad1cd68d68711c75c15bf42a11892b (MD5)
7340ffdd550069ff0528e8ea032630a448f1ff80 (SHA-1)
2ec17f287a2cbc5455c5ba32d7d60ce14d2903c75062fe1e6c54e4b32bf3f256 (SHA-256)
Rappel d'enregistrement 1.job
C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:1
Rappel de la bulle OOBE Windows
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\oobe\oobebaln.exe
8a6083a1a8458db084958ef410791780 (MD5)
ed88932bdf8730724930c7055d58fc4c15c8b27c (SHA-1)
a9080248f22b2c2adc42c990b86bc9b780cb20032bfe537c274f5791d6b89a3d (SHA-256)
Rappel d'enregistrement 2.job
C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:2
Rappel de la bulle OOBE Windows
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\oobe\oobebaln.exe
8a6083a1a8458db084958ef410791780 (MD5)
ed88932bdf8730724930c7055d58fc4c15c8b27c (SHA-1)
a9080248f22b2c2adc42c990b86bc9b780cb20032bfe537c274f5791d6b89a3d (SHA-256)
Rappel d'enregistrement 3.job
C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:3
Rappel de la bulle OOBE Windows
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\oobe\oobebaln.exe
8a6083a1a8458db084958ef410791780 (MD5)
ed88932bdf8730724930c7055d58fc4c15c8b27c (SHA-1)
a9080248f22b2c2adc42c990b86bc9b780cb20032bfe537c274f5791d6b89a3d (SHA-256)
User_Feed_Synchronization-{51138D9F-276B-4A5A-857C-36978231BF2E}.job
C:\WINDOWS\system32\msfeedssync.exe sync
Microsoft Feeds Synchronization
Microsoft Corporation
8.00.6001.18702
c:\windows\system32\msfeedssync.exe
fee2ba1ad38f457f418e82ea30724053 (MD5)
7ba67318a83e01543dc455288191b6e6dd41047b (SHA-1)
e4641a129d07f33901df4af9b234a7ee5ff6565e8414ee0ba755976da250a809 (SHA-256)
7b52bdf770244bca686f56b87856c9677bfb90b9 (SHA-1)
1bb7db40d13047b39a97f19b8e7f9beaa1a883bb293201f15f5accdb6b5bbcd4 (SHA-256)
msv1_0
msv1_0
Microsoft Authentication Package v1.0
Microsoft Corporation
5.01.2600.5876
c:\windows\system32\msv1_0.dll
2921bbeab3eb2a09e7cbc7cae2a18110 (MD5)
c049c6d3536f7168824270ddc72f6e201bcf03eb (SHA-1)
ed20c345ba0fd88ff5f30247d8c61484a8f36196da644ba7f1f27b3c0270d3c4 (SHA-256)
schannel
schannel
TLS / SSL Security Provider
Microsoft Corporation
5.01.2600.5834
c:\windows\system32\schannel.dll
9cf0952cd985b1d7871f22415d3130d0 (MD5)
053b76fb8881c9066dffe89378e63c53aa074049 (SHA-1)
e87a1e3726a9d3d316a5f108e1f6ca94400fed457c6f8978937f1e9874ef2c6b (SHA-256)
wdigest
wdigest
Microsoft Digest Access
Microsoft Corporation
5.01.2600.5834
c:\windows\system32\wdigest.dll
a3d1365c368971fa7d1cbb35d88a2f46 (MD5)
77f95987bc18db143675daa80449ecf1b1f4c81e (SHA-1)
bdef87760e7ed74a913a2365213f5288eac39197a29dec813e15b0e2823cbf51 (SHA-256)
===============
Scheduled tasks
===============
Task Scheduler
AppleSoftwareUpdate.job
C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
Apple Software Update
Apple Inc.
2.01.0001.0116
c:\program files\apple software update\softwareupdate.exe
7b43567b4c32ad7aded537cd3b1342b9 (MD5)
8322f1c2c355d88432f1f03a1f231f63912186bd (SHA-1)
050bbeb6b9aa404261b20989325c68433708367aaaed4e1dff3d24ae29a52d2a (SHA-256)
MP Scheduled Scan.job
C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges
Windows Defender Command Line Utility
Microsoft Corporation
1.01.1593.0000
c:\program files\windows defender\mpcmdrun.exe
08ad1cd68d68711c75c15bf42a11892b (MD5)
7340ffdd550069ff0528e8ea032630a448f1ff80 (SHA-1)
2ec17f287a2cbc5455c5ba32d7d60ce14d2903c75062fe1e6c54e4b32bf3f256 (SHA-256)
Rappel d'enregistrement 1.job
C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:1
Rappel de la bulle OOBE Windows
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\oobe\oobebaln.exe
8a6083a1a8458db084958ef410791780 (MD5)
ed88932bdf8730724930c7055d58fc4c15c8b27c (SHA-1)
a9080248f22b2c2adc42c990b86bc9b780cb20032bfe537c274f5791d6b89a3d (SHA-256)
Rappel d'enregistrement 2.job
C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:2
Rappel de la bulle OOBE Windows
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\oobe\oobebaln.exe
8a6083a1a8458db084958ef410791780 (MD5)
ed88932bdf8730724930c7055d58fc4c15c8b27c (SHA-1)
a9080248f22b2c2adc42c990b86bc9b780cb20032bfe537c274f5791d6b89a3d (SHA-256)
Rappel d'enregistrement 3.job
C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:3
Rappel de la bulle OOBE Windows
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\oobe\oobebaln.exe
8a6083a1a8458db084958ef410791780 (MD5)
ed88932bdf8730724930c7055d58fc4c15c8b27c (SHA-1)
a9080248f22b2c2adc42c990b86bc9b780cb20032bfe537c274f5791d6b89a3d (SHA-256)
User_Feed_Synchronization-{51138D9F-276B-4A5A-857C-36978231BF2E}.job
C:\WINDOWS\system32\msfeedssync.exe sync
Microsoft Feeds Synchronization
Microsoft Corporation
8.00.6001.18702
c:\windows\system32\msfeedssync.exe
fee2ba1ad38f457f418e82ea30724053 (MD5)
7ba67318a83e01543dc455288191b6e6dd41047b (SHA-1)
e4641a129d07f33901df4af9b234a7ee5ff6565e8414ee0ba755976da250a809 (SHA-256)
Anonymous user
21 August 2010 at 22:13
Hey! Would you please stay on the topic you opened with me?
21 August 2010 at 20:19
21 August 2010 at 20:26