Virus?????
Résolu/Fermé
nicoroger
Messages postés
688
Date d'inscription
mardi 3 février 2009
Statut
Membre
Dernière intervention
20 mai 2017
-
6 sept. 2010 à 11:12
Utilisateur anonyme - 13 sept. 2010 à 23:04
Utilisateur anonyme - 13 sept. 2010 à 23:04
A voir également:
- Virus?????
- Svchost.exe virus - Guide
- Youtu.be virus - Guide
- Faux message virus iphone - Forum iPhone
- Altruistic virus ✓ - Forum Antivirus
- Myavids virus ✓ - Forum Téléphones & tablettes Android
41 réponses
Utilisateur anonyme
6 sept. 2010 à 11:22
6 sept. 2010 à 11:22
salut
* Télécharge ici : USBFIX sur ton bureau
/!\ Désactive provisoirement et seulement le temps de l'utilisation d'USBFIX, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur l'icône Usbfix située sur ton Bureau.
Sur la page, clique sur le bouton :
« Recherche »
/!\ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
- puis clique sur OK
- Laisse travailler l'outil.
- Poste le rapport qui apparaît à la fin.
le rapport se trouve sur C:\ UsbFix.txt
Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
* Télécharge ici : USBFIX sur ton bureau
/!\ Désactive provisoirement et seulement le temps de l'utilisation d'USBFIX, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur l'icône Usbfix située sur ton Bureau.
Sur la page, clique sur le bouton :
« Recherche »
/!\ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
- puis clique sur OK
- Laisse travailler l'outil.
- Poste le rapport qui apparaît à la fin.
le rapport se trouve sur C:\ UsbFix.txt
Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
nicoroger
Messages postés
688
Date d'inscription
mardi 3 février 2009
Statut
Membre
Dernière intervention
20 mai 2017
69
6 sept. 2010 à 13:03
6 sept. 2010 à 13:03
############################## | UsbFix 7.023 | [Recherche]
Utilisateur: nico (Administrateur) # PC-DE-NICO [PACKARD BELL BV IMEDIA J9502]
Mis à jour le 02/09/10 par El Desaparecido / C_XX
Lancé à 12:50:18 | 06/09/2010
Site Web: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Microsoft Windows 7 Édition Intégrale (6.1.7600 32-Bit) #
Internet Explorer 8.0.7600.16385
Pare-feu Windows: Activé
RAM -> 3070 Mo
C:\ (%systemdrive%) -> Disque fixe # 327 Go (64 Go libre(s) - 19%) [HDD] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Disque fixe # 932 Go (71 Go libre(s) - 8%) [LaCie] # NTFS
################## | Éléments infectieux |
Présent! G:\vwewav8.com
################## | Registre |
Présent! HKCU\Software\F5JMWNZTHI
Présent! HKCU\Software\ROUA3O12PW
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\accicons.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clview.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cnfnot32.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dw20.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dwtrig20.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excelcnv.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\graph.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\groove.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infopath.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msaccess.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosync.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspub.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msqry32.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstordb.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstore.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ois.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onelev.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenotem.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ose.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outlook.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanost.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpst.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfcert.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpreview.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Winword.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordconv .exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wxp.exe
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{5289ad76-d85e-11de-ae11-001c255342d6}
Shell\AutoRun\Command = G:\LaunchU3.exe -a
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné!
################## | E.O.F |
Utilisateur: nico (Administrateur) # PC-DE-NICO [PACKARD BELL BV IMEDIA J9502]
Mis à jour le 02/09/10 par El Desaparecido / C_XX
Lancé à 12:50:18 | 06/09/2010
Site Web: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Microsoft Windows 7 Édition Intégrale (6.1.7600 32-Bit) #
Internet Explorer 8.0.7600.16385
Pare-feu Windows: Activé
RAM -> 3070 Mo
C:\ (%systemdrive%) -> Disque fixe # 327 Go (64 Go libre(s) - 19%) [HDD] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Disque fixe # 932 Go (71 Go libre(s) - 8%) [LaCie] # NTFS
################## | Éléments infectieux |
Présent! G:\vwewav8.com
################## | Registre |
Présent! HKCU\Software\F5JMWNZTHI
Présent! HKCU\Software\ROUA3O12PW
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\accicons.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clview.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cnfnot32.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dw20.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dwtrig20.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excelcnv.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\graph.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\groove.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infopath.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msaccess.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosync.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspub.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msqry32.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstordb.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstore.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ois.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onelev.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenotem.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ose.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outlook.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanost.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpst.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfcert.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpreview.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Winword.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordconv .exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wxp.exe
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{5289ad76-d85e-11de-ae11-001c255342d6}
Shell\AutoRun\Command = G:\LaunchU3.exe -a
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné!
################## | E.O.F |
Utilisateur anonyme
6 sept. 2010 à 13:33
6 sept. 2010 à 13:33
▶ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d avoir été infectés sans les ouvrir
▶ Fais un clic droit sur le raccourci UsbFix présent sur ton bureau et choisi éxécuter en tant qu'administrateur .
▶ choisi l option 2 ( Suppression )
▶ UsbFix scannera ton pc , laisse travailler l outil.
▶ Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .
▶ Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
######### | Désinstallation | #########
▶ Fais un clic droit sur le raccourci UsbFix présent sur ton bureau et choisi éxécuter en tant qu'administrateur .
▶ Choisi l option Désinstaller ....
▶ Fais un clic droit sur le raccourci UsbFix présent sur ton bureau et choisi éxécuter en tant qu'administrateur .
▶ choisi l option 2 ( Suppression )
▶ UsbFix scannera ton pc , laisse travailler l outil.
▶ Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .
▶ Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
######### | Désinstallation | #########
▶ Fais un clic droit sur le raccourci UsbFix présent sur ton bureau et choisi éxécuter en tant qu'administrateur .
▶ Choisi l option Désinstaller ....
nicoroger
Messages postés
688
Date d'inscription
mardi 3 février 2009
Statut
Membre
Dernière intervention
20 mai 2017
69
6 sept. 2010 à 14:25
6 sept. 2010 à 14:25
############################## | UsbFix 7.023 | [Suppression]
Utilisateur: nico (Administrateur) # PC-DE-NICO [PACKARD BELL BV IMEDIA J9502]
Mis à jour le 02/09/10 par El Desaparecido / C_XX
Lancé à 14:20:44 | 06/09/2010
Site Web: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Microsoft Windows 7 Édition Intégrale (6.1.7600 32-Bit) #
Internet Explorer 8.0.7600.16385
Pare-feu Windows: Activé
RAM -> 3070 Mo
C:\ (%systemdrive%) -> Disque fixe # 327 Go (136 Go libre(s) - 41%) [HDD] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Disque fixe # 932 Go (79 Go libre(s) - 9%) [LaCie] # NTFS
################## | Éléments infectieux |
Supprimé! G:\vwewav8.com
################## | Registre |
Supprimé! HKCU\Software\F5JMWNZTHI
Supprimé! HKCU\Software\ROUA3O12PW
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\accicons.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clview.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cnfnot32.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dw20.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dwtrig20.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excelcnv.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\graph.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\groove.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infopath.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msaccess.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosync.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspub.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msqry32.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstordb.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstore.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ois.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onelev.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenotem.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ose.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outlook.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanost.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpst.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfcert.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpreview.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Winword.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordconv .exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wxp.exe
################## | Mountpoints2 |
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{5289ad76-d85e-11de-ae11-001c255342d6}
################## | Listing |
[24/02/2010 - 12:20:36 | HD ] C:\$INPLACE.~TR
[06/09/2010 - 14:22:42 | SHD ] C:\$Recycle.Bin
[24/02/2010 - 13:16:53 | HD ] C:\$WINDOWS.~Q
[10/06/2009 - 23:42:20 | A | 24] C:\autoexec.bat
[14/06/2010 - 01:32:01 | SHD ] C:\boot
[14/06/2010 - 01:31:58 | RSH | 383592] C:\bootmgr
[24/02/2010 - 12:35:38 | RASH | 8192] C:\BOOTSECT.BAK
[14/06/2010 - 01:28:32 | RSH | 438840] C:\bootxe2
[06/09/2010 - 07:30:54 | SHD ] C:\Config.Msi
[10/06/2009 - 23:42:20 | A | 10] C:\config.sys
[14/07/2009 - 06:53:55 | SHD ] C:\Documents and Settings
[27/11/2008 - 22:23:46 | D ] C:\drivers
[02/09/2010 - 17:43:16 | A | 47342] C:\fraglist.luar
[07/11/2007 - 09:00:40 | A | 1110] C:\globdata.ini
[14/06/2010 - 01:49:42 | RSH | 203372] C:\grldr
[02/09/2010 - 17:43:19 | ASH | 2414731264] C:\hiberfil.sys
[07/11/2007 - 09:03:18 | A | 562688] C:\install.exe
[07/11/2007 - 09:00:40 | A | 843] C:\install.ini
[07/11/2007 - 09:03:18 | A | 76304] C:\install.res.1028.dll
[07/11/2007 - 09:03:18 | A | 96272] C:\install.res.1031.dll
[07/11/2007 - 09:03:18 | A | 91152] C:\install.res.1033.dll
[07/11/2007 - 09:03:18 | A | 97296] C:\install.res.1036.dll
[07/11/2007 - 09:03:18 | A | 95248] C:\install.res.1040.dll
[07/11/2007 - 09:03:18 | A | 81424] C:\install.res.1041.dll
[07/11/2007 - 09:03:18 | A | 79888] C:\install.res.1042.dll
[07/11/2007 - 09:03:18 | A | 75792] C:\install.res.2052.dll
[07/11/2007 - 09:03:18 | A | 96272] C:\install.res.3082.dll
[09/12/2008 - 07:57:09 | RASH | 0] C:\IO.SYS
[09/12/2008 - 07:57:09 | RASH | 0] C:\MSDOS.SYS
[26/06/2009 - 17:28:47 | RHD ] C:\MSOCache
[23/09/2009 - 15:43:05 | D ] C:\NVIDIA
[29/02/2004 - 17:44:34 | A | 52576] C:\orange.bmp
[02/09/2010 - 17:43:18 | ASH | 3219644416] C:\pagefile.sys
[01/03/2010 - 10:14:41 | D ] C:\PerfLogs
[01/09/2010 - 05:38:56 | RD ] C:\Program Files
[01/09/2010 - 05:36:34 | HD ] C:\ProgramData
[24/02/2010 - 13:50:32 | SHD ] C:\Recovery
[06/09/2010 - 09:11:52 | SHD ] C:\System Volume Information
[03/03/2010 - 19:50:25 | D ] C:\Temp
[06/09/2010 - 14:22:42 | D ] C:\UsbFix
[06/09/2010 - 14:20:44 | A | 0] C:\UsbFix.txt
[24/02/2010 - 13:08:59 | RD ] C:\Users
[07/11/2007 - 09:00:40 | A | 5686] C:\vcredist.bmp
[07/11/2007 - 09:09:22 | A | 1442522] C:\VC_RED.cab
[07/11/2007 - 09:12:28 | A | 232960] C:\VC_RED.MSI
[14/06/2010 - 01:49:43 | RSH | 12] C:\win7.ld
[16/08/2010 - 06:36:38 | D ] C:\Windows
[14/06/2010 - 01:28:32 | RSH | 171136] C:\XELD2
[14/06/2010 - 01:28:32 | RSH | 9216] C:\XELD2.1st
[06/09/2010 - 14:22:42 | SHD ] G:\$RECYCLE.BIN
[01/01/2000 - 14:38:55 | D ] G:\.lacinema
[07/01/2000 - 20:52:44 | D ] G:\.twonkymedia.db
[29/03/2006 - 15:08:32 | AH | 82] G:\._System Volume Information
[18/01/2010 - 12:48:49 | D ] G:\21 grammes
[06/02/2010 - 16:32:07 | D ] G:\A serious man
[23/08/2010 - 19:02:35 | D ] G:\Alice au pays des merveilles
[10/03/2010 - 17:35:35 | D ] G:\Ange et demon
[30/01/2010 - 10:17:34 | D ] G:\angel a
[10/03/2010 - 18:59:15 | D ] G:\Armored
[22/03/2010 - 21:32:16 | D ] G:\arthur et la vengence de malthazar
[09/06/2010 - 07:36:14 | A | 27184934953] G:\Avatar 1080p x264 VO MA VF DTS dxva-HDZ.mkv
[19/01/2010 - 07:41:13 | D ] G:\Babel
[19/01/2010 - 07:52:25 | D ] G:\Batman lechevalier noir
[03/03/2010 - 16:01:07 | D ] G:\bronson
[10/03/2010 - 17:44:37 | D ] G:\Cash
[31/01/2010 - 06:56:23 | D ] G:\Copland
[27/01/2010 - 17:13:50 | D ] G:\Dans la brume electrique
[02/02/2010 - 15:33:10 | D ] G:\Demineur
[30/08/2010 - 16:59:13 | D ] G:\Dikkenek
[21/06/2010 - 08:48:04 | D ] G:\docteur house 6
[21/06/2010 - 08:50:39 | D ] G:\doteur house 5
[15/02/2010 - 18:06:55 | D ] G:\Fame
[25/03/2010 - 18:20:39 | D ] G:\Fantastis mr fox
[18/01/2010 - 12:54:06 | D ] G:\Ghost
[01/02/2010 - 17:44:37 | D ] G:\Gi joe
[18/01/2010 - 12:51:55 | D ] G:\Gran torino
[23/08/2010 - 19:02:40 | D ] G:\Gremlins
[30/08/2010 - 17:04:35 | D ] G:\Harry brown
[18/01/2010 - 12:47:47 | D ] G:\Harry potter et le prince de sang mélé
[02/02/2010 - 21:45:52 | D ] G:\Heat
[18/01/2010 - 12:29:25 | D ] G:\Hellboy 2
[30/01/2010 - 10:24:08 | D ] G:\Hitman
[03/02/2010 - 08:22:22 | D ] G:\installation et autre
[16/02/2010 - 10:05:50 | D ] G:\Ironman
[18/02/2010 - 07:45:25 | D ] G:\John rambo
[10/03/2010 - 17:18:12 | D ] G:\Kiss kiss- Bang bang
[03/02/2010 - 11:34:00 | D ] G:\L'armée du crime
[25/01/2010 - 13:14:41 | D ] G:\L'enfer du dimanche
[12/02/2010 - 18:59:45 | D ] G:\La momie 1
[12/02/2010 - 21:47:03 | D ] G:\La momie 2
[12/02/2010 - 22:11:56 | D ] G:\La momie 3
[27/01/2010 - 19:37:28 | D ] G:\Largo winch
[25/03/2010 - 18:24:28 | D ] G:\Law abiding citizen
[22/03/2010 - 21:39:17 | D ] G:\Le concert
[10/03/2010 - 19:03:39 | D ] G:\Le dernier ori d'ecosse
[23/08/2010 - 19:02:44 | D ] G:\Le mac
[18/01/2010 - 12:46:17 | D ] G:\le nombre 23
[18/01/2010 - 12:46:12 | D ] G:\Le premier cercle
[12/02/2010 - 09:44:16 | D ] G:\Le soldat ryan
[12/02/2010 - 12:18:45 | D ] G:\Les affranchis
[30/01/2010 - 18:13:11 | D ] G:\Les evadés
[30/08/2010 - 17:01:22 | D ] G:\Les sex commendement
[25/03/2010 - 18:14:50 | D ] G:\lucky luke
[20/01/2010 - 07:24:08 | D ] G:\Lucky number slevin
[03/03/2010 - 16:05:35 | D ] G:\master of commander
[03/03/2010 - 15:34:12 | D ] G:\max et les maxi monstres
[22/03/2010 - 21:50:34 | D ] G:\Mic mac a tire l'arrigot
[20/01/2010 - 07:36:01 | D ] G:\Monstres.Contre.Aliens
[21/01/2010 - 18:48:40 | D ] G:\operation dragon
[25/01/2010 - 16:57:21 | D ] G:\Pandorum
[19/01/2010 - 11:05:38 | D ] G:\Perfect stranger
[21/01/2010 - 11:33:47 | D ] G:\Photo
[10/02/2010 - 18:19:56 | D ] G:\Pirates des caraibes 1
[10/02/2010 - 18:11:13 | D ] G:\Pirates des caraibes 2
[10/02/2010 - 21:54:52 | D ] G:\Pirates des caraibes 3
[03/03/2010 - 16:10:56 | D ] G:\planete 51
[19/01/2010 - 08:51:27 | D ] G:\Planete des singes
[19/02/2010 - 15:16:50 | D ] G:\Planete terre
[27/01/2010 - 17:22:25 | D ] G:\Plublic enemie
[23/01/2010 - 21:07:09 | D ] G:\Predictions
[18/01/2010 - 12:48:17 | D ] G:\Redcliff
[03/02/2010 - 11:50:33 | D ] G:\Road of no returns
[22/03/2010 - 21:53:36 | D ] G:\robocop
[09/05/2010 - 08:12:44 | A | 6793150434] G:\Robocop.[Director's.cut].1080p.mkv
[23/08/2010 - 19:27:34 | D ] G:\SALT
[02/02/2010 - 15:10:43 | D ] G:\Sept vies
[22/03/2010 - 21:59:06 | D ] G:\sherloc holmes
[31/01/2010 - 07:20:12 | D ] G:\Sin city
[10/02/2010 - 17:50:16 | D ] G:\Smoking ace
[30/01/2010 - 09:57:54 | D ] G:\Star treack
[13/02/2010 - 16:33:53 | SHD ] G:\System Volume Information
[30/01/2010 - 10:27:24 | D ] G:\Terminator 4
[22/03/2010 - 22:06:29 | D ] G:\The bad lieutenant
[10/02/2010 - 18:55:00 | D ] G:\The box
[06/02/2010 - 16:29:05 | D ] G:\the cove
[08/02/2010 - 09:36:15 | D ] G:\The informant
[18/01/2010 - 12:48:34 | D ] G:\The league of extraordinary gentlemen
[30/01/2010 - 10:36:29 | D ] G:\The linea
[30/01/2010 - 18:01:43 | D ] G:\The spirit
[18/01/2010 - 12:16:52 | D ] G:\there will be blood
[03/03/2010 - 15:34:07 | D ] G:\transformers
[10/03/2010 - 17:22:55 | D ] G:\un prophete
[20/01/2010 - 10:31:23 | D ] G:\Underworld
[20/01/2010 - 10:31:11 | D ] G:\Underworld 2
[03/03/2010 - 15:54:38 | D ] G:\Underworld 3
[10/03/2010 - 17:30:15 | D ] G:\Up the air
[21/01/2010 - 10:46:07 | D ] G:\video appareil photo
[18/01/2010 - 12:47:08 | D ] G:\Walkyrie
[02/02/2010 - 08:01:54 | D ] G:\Wanted
[31/01/2010 - 06:59:24 | D ] G:\Watchmen
[20/01/2010 - 11:46:11 | D ] G:\Whip it bliss
[27/01/2010 - 17:37:43 | D ] G:\whiteout
[01/02/2010 - 18:12:08 | D ] G:\X-men origine volverine
[19/01/2010 - 07:36:02 | D ] G:\Zodiac
################## | Vaccin |
C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
################## | Upload |
Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_PC-DE-NICO.zip
https://www.ionos.fr/?affiliate_id=77097
Merci de votre contribution.
################## | E.O.F |
Utilisateur: nico (Administrateur) # PC-DE-NICO [PACKARD BELL BV IMEDIA J9502]
Mis à jour le 02/09/10 par El Desaparecido / C_XX
Lancé à 14:20:44 | 06/09/2010
Site Web: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Microsoft Windows 7 Édition Intégrale (6.1.7600 32-Bit) #
Internet Explorer 8.0.7600.16385
Pare-feu Windows: Activé
RAM -> 3070 Mo
C:\ (%systemdrive%) -> Disque fixe # 327 Go (136 Go libre(s) - 41%) [HDD] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Disque fixe # 932 Go (79 Go libre(s) - 9%) [LaCie] # NTFS
################## | Éléments infectieux |
Supprimé! G:\vwewav8.com
################## | Registre |
Supprimé! HKCU\Software\F5JMWNZTHI
Supprimé! HKCU\Software\ROUA3O12PW
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\accicons.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clview.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cnfnot32.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dw20.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dwtrig20.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excelcnv.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\graph.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\groove.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infopath.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msaccess.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosync.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspub.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msqry32.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstordb.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstore.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ois.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onelev.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenotem.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ose.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outlook.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanost.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpst.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfcert.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpreview.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Winword.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordconv .exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wxp.exe
################## | Mountpoints2 |
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{5289ad76-d85e-11de-ae11-001c255342d6}
################## | Listing |
[24/02/2010 - 12:20:36 | HD ] C:\$INPLACE.~TR
[06/09/2010 - 14:22:42 | SHD ] C:\$Recycle.Bin
[24/02/2010 - 13:16:53 | HD ] C:\$WINDOWS.~Q
[10/06/2009 - 23:42:20 | A | 24] C:\autoexec.bat
[14/06/2010 - 01:32:01 | SHD ] C:\boot
[14/06/2010 - 01:31:58 | RSH | 383592] C:\bootmgr
[24/02/2010 - 12:35:38 | RASH | 8192] C:\BOOTSECT.BAK
[14/06/2010 - 01:28:32 | RSH | 438840] C:\bootxe2
[06/09/2010 - 07:30:54 | SHD ] C:\Config.Msi
[10/06/2009 - 23:42:20 | A | 10] C:\config.sys
[14/07/2009 - 06:53:55 | SHD ] C:\Documents and Settings
[27/11/2008 - 22:23:46 | D ] C:\drivers
[02/09/2010 - 17:43:16 | A | 47342] C:\fraglist.luar
[07/11/2007 - 09:00:40 | A | 1110] C:\globdata.ini
[14/06/2010 - 01:49:42 | RSH | 203372] C:\grldr
[02/09/2010 - 17:43:19 | ASH | 2414731264] C:\hiberfil.sys
[07/11/2007 - 09:03:18 | A | 562688] C:\install.exe
[07/11/2007 - 09:00:40 | A | 843] C:\install.ini
[07/11/2007 - 09:03:18 | A | 76304] C:\install.res.1028.dll
[07/11/2007 - 09:03:18 | A | 96272] C:\install.res.1031.dll
[07/11/2007 - 09:03:18 | A | 91152] C:\install.res.1033.dll
[07/11/2007 - 09:03:18 | A | 97296] C:\install.res.1036.dll
[07/11/2007 - 09:03:18 | A | 95248] C:\install.res.1040.dll
[07/11/2007 - 09:03:18 | A | 81424] C:\install.res.1041.dll
[07/11/2007 - 09:03:18 | A | 79888] C:\install.res.1042.dll
[07/11/2007 - 09:03:18 | A | 75792] C:\install.res.2052.dll
[07/11/2007 - 09:03:18 | A | 96272] C:\install.res.3082.dll
[09/12/2008 - 07:57:09 | RASH | 0] C:\IO.SYS
[09/12/2008 - 07:57:09 | RASH | 0] C:\MSDOS.SYS
[26/06/2009 - 17:28:47 | RHD ] C:\MSOCache
[23/09/2009 - 15:43:05 | D ] C:\NVIDIA
[29/02/2004 - 17:44:34 | A | 52576] C:\orange.bmp
[02/09/2010 - 17:43:18 | ASH | 3219644416] C:\pagefile.sys
[01/03/2010 - 10:14:41 | D ] C:\PerfLogs
[01/09/2010 - 05:38:56 | RD ] C:\Program Files
[01/09/2010 - 05:36:34 | HD ] C:\ProgramData
[24/02/2010 - 13:50:32 | SHD ] C:\Recovery
[06/09/2010 - 09:11:52 | SHD ] C:\System Volume Information
[03/03/2010 - 19:50:25 | D ] C:\Temp
[06/09/2010 - 14:22:42 | D ] C:\UsbFix
[06/09/2010 - 14:20:44 | A | 0] C:\UsbFix.txt
[24/02/2010 - 13:08:59 | RD ] C:\Users
[07/11/2007 - 09:00:40 | A | 5686] C:\vcredist.bmp
[07/11/2007 - 09:09:22 | A | 1442522] C:\VC_RED.cab
[07/11/2007 - 09:12:28 | A | 232960] C:\VC_RED.MSI
[14/06/2010 - 01:49:43 | RSH | 12] C:\win7.ld
[16/08/2010 - 06:36:38 | D ] C:\Windows
[14/06/2010 - 01:28:32 | RSH | 171136] C:\XELD2
[14/06/2010 - 01:28:32 | RSH | 9216] C:\XELD2.1st
[06/09/2010 - 14:22:42 | SHD ] G:\$RECYCLE.BIN
[01/01/2000 - 14:38:55 | D ] G:\.lacinema
[07/01/2000 - 20:52:44 | D ] G:\.twonkymedia.db
[29/03/2006 - 15:08:32 | AH | 82] G:\._System Volume Information
[18/01/2010 - 12:48:49 | D ] G:\21 grammes
[06/02/2010 - 16:32:07 | D ] G:\A serious man
[23/08/2010 - 19:02:35 | D ] G:\Alice au pays des merveilles
[10/03/2010 - 17:35:35 | D ] G:\Ange et demon
[30/01/2010 - 10:17:34 | D ] G:\angel a
[10/03/2010 - 18:59:15 | D ] G:\Armored
[22/03/2010 - 21:32:16 | D ] G:\arthur et la vengence de malthazar
[09/06/2010 - 07:36:14 | A | 27184934953] G:\Avatar 1080p x264 VO MA VF DTS dxva-HDZ.mkv
[19/01/2010 - 07:41:13 | D ] G:\Babel
[19/01/2010 - 07:52:25 | D ] G:\Batman lechevalier noir
[03/03/2010 - 16:01:07 | D ] G:\bronson
[10/03/2010 - 17:44:37 | D ] G:\Cash
[31/01/2010 - 06:56:23 | D ] G:\Copland
[27/01/2010 - 17:13:50 | D ] G:\Dans la brume electrique
[02/02/2010 - 15:33:10 | D ] G:\Demineur
[30/08/2010 - 16:59:13 | D ] G:\Dikkenek
[21/06/2010 - 08:48:04 | D ] G:\docteur house 6
[21/06/2010 - 08:50:39 | D ] G:\doteur house 5
[15/02/2010 - 18:06:55 | D ] G:\Fame
[25/03/2010 - 18:20:39 | D ] G:\Fantastis mr fox
[18/01/2010 - 12:54:06 | D ] G:\Ghost
[01/02/2010 - 17:44:37 | D ] G:\Gi joe
[18/01/2010 - 12:51:55 | D ] G:\Gran torino
[23/08/2010 - 19:02:40 | D ] G:\Gremlins
[30/08/2010 - 17:04:35 | D ] G:\Harry brown
[18/01/2010 - 12:47:47 | D ] G:\Harry potter et le prince de sang mélé
[02/02/2010 - 21:45:52 | D ] G:\Heat
[18/01/2010 - 12:29:25 | D ] G:\Hellboy 2
[30/01/2010 - 10:24:08 | D ] G:\Hitman
[03/02/2010 - 08:22:22 | D ] G:\installation et autre
[16/02/2010 - 10:05:50 | D ] G:\Ironman
[18/02/2010 - 07:45:25 | D ] G:\John rambo
[10/03/2010 - 17:18:12 | D ] G:\Kiss kiss- Bang bang
[03/02/2010 - 11:34:00 | D ] G:\L'armée du crime
[25/01/2010 - 13:14:41 | D ] G:\L'enfer du dimanche
[12/02/2010 - 18:59:45 | D ] G:\La momie 1
[12/02/2010 - 21:47:03 | D ] G:\La momie 2
[12/02/2010 - 22:11:56 | D ] G:\La momie 3
[27/01/2010 - 19:37:28 | D ] G:\Largo winch
[25/03/2010 - 18:24:28 | D ] G:\Law abiding citizen
[22/03/2010 - 21:39:17 | D ] G:\Le concert
[10/03/2010 - 19:03:39 | D ] G:\Le dernier ori d'ecosse
[23/08/2010 - 19:02:44 | D ] G:\Le mac
[18/01/2010 - 12:46:17 | D ] G:\le nombre 23
[18/01/2010 - 12:46:12 | D ] G:\Le premier cercle
[12/02/2010 - 09:44:16 | D ] G:\Le soldat ryan
[12/02/2010 - 12:18:45 | D ] G:\Les affranchis
[30/01/2010 - 18:13:11 | D ] G:\Les evadés
[30/08/2010 - 17:01:22 | D ] G:\Les sex commendement
[25/03/2010 - 18:14:50 | D ] G:\lucky luke
[20/01/2010 - 07:24:08 | D ] G:\Lucky number slevin
[03/03/2010 - 16:05:35 | D ] G:\master of commander
[03/03/2010 - 15:34:12 | D ] G:\max et les maxi monstres
[22/03/2010 - 21:50:34 | D ] G:\Mic mac a tire l'arrigot
[20/01/2010 - 07:36:01 | D ] G:\Monstres.Contre.Aliens
[21/01/2010 - 18:48:40 | D ] G:\operation dragon
[25/01/2010 - 16:57:21 | D ] G:\Pandorum
[19/01/2010 - 11:05:38 | D ] G:\Perfect stranger
[21/01/2010 - 11:33:47 | D ] G:\Photo
[10/02/2010 - 18:19:56 | D ] G:\Pirates des caraibes 1
[10/02/2010 - 18:11:13 | D ] G:\Pirates des caraibes 2
[10/02/2010 - 21:54:52 | D ] G:\Pirates des caraibes 3
[03/03/2010 - 16:10:56 | D ] G:\planete 51
[19/01/2010 - 08:51:27 | D ] G:\Planete des singes
[19/02/2010 - 15:16:50 | D ] G:\Planete terre
[27/01/2010 - 17:22:25 | D ] G:\Plublic enemie
[23/01/2010 - 21:07:09 | D ] G:\Predictions
[18/01/2010 - 12:48:17 | D ] G:\Redcliff
[03/02/2010 - 11:50:33 | D ] G:\Road of no returns
[22/03/2010 - 21:53:36 | D ] G:\robocop
[09/05/2010 - 08:12:44 | A | 6793150434] G:\Robocop.[Director's.cut].1080p.mkv
[23/08/2010 - 19:27:34 | D ] G:\SALT
[02/02/2010 - 15:10:43 | D ] G:\Sept vies
[22/03/2010 - 21:59:06 | D ] G:\sherloc holmes
[31/01/2010 - 07:20:12 | D ] G:\Sin city
[10/02/2010 - 17:50:16 | D ] G:\Smoking ace
[30/01/2010 - 09:57:54 | D ] G:\Star treack
[13/02/2010 - 16:33:53 | SHD ] G:\System Volume Information
[30/01/2010 - 10:27:24 | D ] G:\Terminator 4
[22/03/2010 - 22:06:29 | D ] G:\The bad lieutenant
[10/02/2010 - 18:55:00 | D ] G:\The box
[06/02/2010 - 16:29:05 | D ] G:\the cove
[08/02/2010 - 09:36:15 | D ] G:\The informant
[18/01/2010 - 12:48:34 | D ] G:\The league of extraordinary gentlemen
[30/01/2010 - 10:36:29 | D ] G:\The linea
[30/01/2010 - 18:01:43 | D ] G:\The spirit
[18/01/2010 - 12:16:52 | D ] G:\there will be blood
[03/03/2010 - 15:34:07 | D ] G:\transformers
[10/03/2010 - 17:22:55 | D ] G:\un prophete
[20/01/2010 - 10:31:23 | D ] G:\Underworld
[20/01/2010 - 10:31:11 | D ] G:\Underworld 2
[03/03/2010 - 15:54:38 | D ] G:\Underworld 3
[10/03/2010 - 17:30:15 | D ] G:\Up the air
[21/01/2010 - 10:46:07 | D ] G:\video appareil photo
[18/01/2010 - 12:47:08 | D ] G:\Walkyrie
[02/02/2010 - 08:01:54 | D ] G:\Wanted
[31/01/2010 - 06:59:24 | D ] G:\Watchmen
[20/01/2010 - 11:46:11 | D ] G:\Whip it bliss
[27/01/2010 - 17:37:43 | D ] G:\whiteout
[01/02/2010 - 18:12:08 | D ] G:\X-men origine volverine
[19/01/2010 - 07:36:02 | D ] G:\Zodiac
################## | Vaccin |
C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
################## | Upload |
Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_PC-DE-NICO.zip
https://www.ionos.fr/?affiliate_id=77097
Merci de votre contribution.
################## | E.O.F |
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Utilisateur anonyme
6 sept. 2010 à 21:52
6 sept. 2010 à 21:52
DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)
▶ Télécharge ici :List_Kill'em
et enregistre le sur ton bureau
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur le raccourci sur ton bureau pour lancer l'installation
Laisse coché :
♦ Executer List_Kill'em
une fois terminée , clic sur "terminer" et le programme se lancera seul
Il commencera par telecharger et installer ses mises à jour , puis te donnera son menu
choisis l'option Search
▶ laisse travailler l'outil
il se peut qu'une boite de dialogue s'ouvre , dans ce cas clique sur "ok" ou "Agree"
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal ,c'est une recherche supplementaire de fichiers cachés , le programme n'est pas bloqué.
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
▶▶▶ NE LE POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier C:\List'em.txt
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶ Fais de même avec more.txt qui se trouve sur ton bureau
▶ Télécharge ici :List_Kill'em
et enregistre le sur ton bureau
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur le raccourci sur ton bureau pour lancer l'installation
Laisse coché :
♦ Executer List_Kill'em
une fois terminée , clic sur "terminer" et le programme se lancera seul
Il commencera par telecharger et installer ses mises à jour , puis te donnera son menu
choisis l'option Search
▶ laisse travailler l'outil
il se peut qu'une boite de dialogue s'ouvre , dans ce cas clique sur "ok" ou "Agree"
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal ,c'est une recherche supplementaire de fichiers cachés , le programme n'est pas bloqué.
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
▶▶▶ NE LE POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier C:\List'em.txt
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶ Fais de même avec more.txt qui se trouve sur ton bureau
nicoroger
Messages postés
688
Date d'inscription
mardi 3 février 2009
Statut
Membre
Dernière intervention
20 mai 2017
69
7 sept. 2010 à 06:33
7 sept. 2010 à 06:33
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.0.3 ¤¤¤¤¤¤¤¤¤¤
User : nico (Administrateurs)
Update on 05/09/2010 by g3n-h@ckm@n ::::: 08.15
Start at: 06:15:38 | 07/09/2010
Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Microsoft Windows 7 Édition Intégrale (6.1.7600 32-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 327,35 Go (159,5 Go free) [HDD] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
Boot: Normal
¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer
C:\Windows\System32\smss.exe ---- 92 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\Windows\system32\csrss.exe ---- 2792 Ko ---- Normal ---- %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ----
C:\Windows\system32\csrss.exe ---- 5176 Ko ---- Normal ---- %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ----
C:\Windows\system32\wininit.exe ---- 188 Ko ---- High ---- wininit.exe ----
C:\Windows\system32\winlogon.exe ---- 1684 Ko ---- High ---- winlogon.exe ----
C:\Windows\system32\services.exe ---- 5064 Ko ---- Normal ---- C:\Windows\system32\services.exe ----
C:\Windows\system32\lsass.exe ---- 5916 Ko ---- Normal ---- C:\Windows\system32\lsass.exe ----
C:\Windows\system32\lsm.exe ---- 1456 Ko ---- Normal ---- C:\Windows\system32\lsm.exe ----
C:\Windows\system32\svchost.exe ---- 4332 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k DcomLaunch ----
C:\Windows\system32\svchost.exe ---- 4488 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k RPCSS ----
C:\Windows\System32\svchost.exe ---- 12856 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted ----
C:\Windows\System32\svchost.exe ---- 79504 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted ----
C:\Windows\system32\svchost.exe ---- 34860 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k netsvcs ----
C:\Windows\system32\svchost.exe ---- 11188 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalService ----
C:\Program Files\Avira\AntiVir Desktop\sched.exe ---- 1724 Ko ---- Normal ---- "C:\Program Files\Avira\AntiVir Desktop\sched.exe" ----
C:\Windows\system32\Dwm.exe ---- 22208 Ko ---- High ---- "C:\Windows\system32\Dwm.exe" ----
C:\Windows\system32\svchost.exe ---- 8688 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork ----
C:\Windows\System32\svchost.exe ---- 45256 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k NetworkService ----
C:\Program Files\Avira\AntiVir Desktop\avguard.exe ---- 18856 Ko ---- Normal ---- "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" ----
C:\Windows\system32\svchost.exe ---- 9144 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation ----
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ---- 2716 Ko ---- Normal ---- "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min ----
C:\Windows\system32\svchost.exe ---- 4384 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k imgsvc ----
C:\Windows\System32\svchost.exe ---- 40152 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k secsvcs ----
C:\Windows\system32\svchost.exe ---- 2860 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted ----
C:\Windows\System32\svchost.exe ---- 9264 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalServicePeerNet ----
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe ---- 7192 Ko ---- Normal ---- "C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe" ---- Nero AG
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ---- 8920 Ko ---- Normal ---- "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" ---- Microsoft Corporation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe ---- 2408 Ko ---- Normal ---- WLIDSvcM.exe 4432 ---- Microsoft Corporation
C:\Windows\System32\spoolsv.exe ---- 9948 Ko ---- Normal ---- C:\Windows\System32\spoolsv.exe ----
C:\Windows\system32\srvany.exe ---- 2144 Ko ---- Normal ---- C:\Windows\system32\srvany.exe ----
C:\Windows\KMService.exe ---- 2548 Ko ---- Normal ---- C:\Windows\KMService.exe ----
C:\Windows\system32\conhost.exe ---- 2372 Ko ---- Normal ---- \??\C:\Windows\system32\conhost.exe ----
C:\Windows\Explorer.exe ---- 72612 Ko ---- Normal ---- Explorer.exe ----
C:\Windows\system32\sppsvc.exe ---- 4752 Ko ---- Normal ---- C:\Windows\system32\sppsvc.exe ----
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ---- 7896 Ko ---- Normal ---- "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" ---- Microsoft Corporation
C:\Windows\System32\dinotify.exe ---- 4632 Ko ---- Normal ---- "C:\Windows\System32\dinotify.exe" pnpui.dll,SimplifiedDINotification ----
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE ---- 9288 Ko ---- Normal ---- "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" ---- Microsoft Corporation
C:\Windows\explorer.exe ---- 25824 Ko ---- Normal ---- C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding ----
C:\Windows\System32\svchost.exe ---- 3912 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k swprv ----
C:\Program Files\Mozilla Firefox\firefox.exe ---- 112252 Ko ---- Normal ---- "C:\Program Files\Mozilla Firefox\firefox.exe" ---- Mozilla Corporation
C:\Program Files\Megaupload\Mega Manager\MegaManager.exe ---- 48688 Ko ---- Normal ---- "C:\Program Files\Megaupload\Mega Manager\MegaManager.exe" /Add /URL=http://sd-4.archive-host.com/membres/up/829108531491024/Mes_Tools/List_Killem_Install.exe ----
C:\Windows\explorer.exe ---- 34720 Ko ---- Normal ---- C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding ----
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe ---- 17344 Ko ---- Normal ---- "C:\Program Files\Avira\AntiVir Desktop\avcenter.exe" ----
C:\Windows\system32\AUDIODG.EXE ---- 15704 Ko ---- Normal ---- C:\Windows\system32\AUDIODG.EXE 0xaf4 ----
C:\Windows\system32\taskhost.exe ---- 11200 Ko ---- Below Normal ---- taskhost.exe $(Arg0) ----
C:\Windows\system32\cmd.exe ---- 2756 Ko ---- Normal ---- C:\Windows\system32\cmd.exe /K List'em.bat ----
C:\Windows\system32\conhost.exe ---- 4028 Ko ---- Normal ---- \??\C:\Windows\system32\conhost.exe ----
C:\Windows\system32\wbem\wmiprvse.exe ---- 7920 Ko ---- Normal ---- C:\Windows\system32\wbem\wmiprvse.exe ----
C:\Windows\system32\DllHost.exe ---- 4280 Ko ---- Normal ---- C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} ----
C:\Program Files\List_Kill'em\pv.exe ---- 4296 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----
¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ehTray.exe = C:\Windows\ehome\ehTray.exe
ISUSPM = "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
WindowsLivePhone = "C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
RtHDVCpl = RtHDVCpl.exe
KMConfig = "C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\StartAutorun.exe" KMConfig.exe
WindowsLivePhone = C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe /AutoRun
avgnt = "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
NPSStartup =
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
@ =
¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin = 2 (0x2)
ConsentPromptBehaviorUser = 3 (0x3)
EnableInstallerDetection = 1 (0x1)
EnableLUA = 1 (0x1)
EnableSecureUIAPaths = 1 (0x1)
EnableUIADesktopToggle = 0 (0x0)
EnableVirtualization = 1 (0x1)
PromptOnSecureDesktop = 1 (0x1)
ValidateAdminCodeSignatures = 0 (0x0)
dontdisplaylastusername = 0 (0x0)
legalnoticecaption =
scforceoption = 0 (0x0)
shutdownwithoutlogon = 1 (0x1)
undockwithoutlogon = 1 (0x1)
FilterAdministratorToken = 0 (0x0)
legalnoticetext =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 0 (0x0)
NoDriveAutoRun = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage = 0 (0x0)
NoDriveAutoRun = 0 (0x0)
NoDriveTypeAutoRun = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk = 1
Shell = Explorer.exe
PreCreateKnownFolders = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
Userinit = C:\Windows\system32\Userinit.exe,
VMApplet = SystemPropertiesPerformance.exe /pagefile
AutoRestartShell = 1 (0x1)
Background = 0 0 0
CachedLogonsCount = 10
DebugServerCommand = no
ForceUnlockLogon = 0 (0x0)
LegalNoticeCaption =
LegalNoticeText =
PowerdownAfterShutdown = 0
ShutdownWithoutLogon = 0
WinStationsDisabled = 0
DisableCAD = 1 (0x1)
scremoveoption = 0
ShutdownFlags = 43 (0x2b)
PasswordExpiryWarning = 14 (0xe)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} =
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Program Files\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe = C:\Program Files\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{8AA6CB35-67D7-45A2-B1F4-C87EC19E4522}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{23A20C3C-2ADD-4A80-AFB4-C146F8847D79}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{25FFAAD0-F4A3-4164-95FF-4461E9F35D51}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{47B3BDBB-F2AE-4B55-95C8-921C25DB3B76}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{49C187D7-91E1-459E-9759-2925384BD397}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A604D2C-E968-429B-8327-62B5CE52126D}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9793EDE2-499E-4A14-8220-523691D8F91B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A59B76D1-5E3B-4893-BB7F-AF69B2570A73}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BFA2E378-31D9-4595-AFA9-CA19E610DC0F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FE600E50-2C69-46D5-ACAA-2B617006245C}]
¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7A362E12-0AD3-4A47-9E38-33501CB42C6B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7A362E12-0AD3-4A47-9E38-33501CB42C6B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7A362E12-0AD3-4A47-9E38-33501CB42C6B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\Windows\System32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\Windows\system32\blank.htm
Search Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2fbr%2faccess%2fallinone.asp%3f
¤¤¤¤¤ Proxy Internet Explorer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Proxy Firefox ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ TaskCache ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\Apple]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\Microsoft]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\NeroLiveEpgUpdate-PC-de-nico_nico]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\OfficeSoftwareProtectionPlatform]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\User_Feed_Synchronization-{B421EAB9-5185-4D90-80A9-2C88666196FA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\WPD]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{0CC3CCE2-EF71-4AEC-A8C3-91009731B1B0}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{0E14BA34-748F-4DC6-81FD-337AB133064B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{1680D831-584F-43F5-B041-EF03D69C08D5}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{3768E576-5F96-4E74-90CE-F9DBD54D408E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{7A02ACB2-3C55-4EE3-8EB6-7B6FE4AFC894}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{9D803F9C-C529-4A60-B4A9-DBEA603D978C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{9F5ABC2E-3B6A-4DA8-837E-7417F2399891}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{C4939208-54D4-4813-AB28-698B8CB1FBC2}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{D5AFDE10-8306-4246-8BD2-E1C2FAA1749E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{DDE31F42-824B-4A08-BCCA-AE751B94F1BA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{F400CB41-BD2D-4CF6-8407-305E49518030}]
¤¤¤¤¤¤¤¤¤¤ IFEO ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DllNXOptions]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IEInstal.exe]
¤¤¤¤¤¤¤¤¤¤ File Protection ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
KnownDllList = nlhtml.dll
¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤
C:\Windows\System32\drivers\atapi.sys :
[MD5.338c86357871c167a96ab976519bf59e]
[SHA256.f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6]
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys :
[MD5.338c86357871c167a96ab976519bf59e]
[SHA256.f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6]
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys :
[MD5.338c86357871c167a96ab976519bf59e]
[SHA256.f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6]
¤¤¤¤¤ Reference
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
¤¤¤¤¤¤¤¤¤¤ Drive ¤¤¤¤¤¤¤¤¤¤
D'fragmenteur de disque Microsoft
Copyright (c) 2007 Microsoft Corp.
Invocation de analyse sur HDD (C:)...
L'op'ration a r'ussi.
Post Defragmentation Report:
Informations sur le volumeÿ:
Taille du volume = 327,34 Go
Espace libre = 159,50 Go
Quantit' totale d'espace fragment' = 2%
Taille maximale d'espace libre = 18,39 Go
Remarqueÿ: les fragments de fichier de plus de 64ÿMo ne sont pas inclus dans les statistiques de fragmentation.
Il n'est pas n'cessaire de d'fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Rogues Infections ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤
Present !! : C:\install.exe
Present !! : C:\ProgramData\LauncherAccess.dt
Present !! : C:\ProgramData\LauncherAccess.dt
Present !! : C:\ProgramData\LauncherAccess.dt
Present !! : C:\ProgramData\LauncherAccess.dt
Present !! : C:\ProgramData\Trymedia
Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadD500.exe
Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadX800.exe
Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadZ510.exe
Present !! : C:\Windows\Fonts\GRGAREF.TTF
Present !! : C:\Windows\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}
Present !! : C:\Windows\Temp\JET4162.tmp
Present !! : C:\Windows\Temp\JET44AD.tmp
Present !! : C:\Windows\Temp\JET4FA5.tmp
Present !! : C:\Windows\Temp\JET5282.tmp
Present !! : C:\Windows\Temp\JET5BF4.tmp
Present !! : C:\Windows\Temp\JET67E6.tmp
Present !! : C:\Windows\Temp\JET7A0F.tmp
Present !! : C:\Windows\Temp\JET8F53.tmp
Present !! : C:\Windows\Temp\JET9B06.tmp
Present !! : C:\Windows\Temp\JET9F1B.tmp
Present !! : C:\Windows\Temp\JETA3EC.tmp
Present !! : C:\Windows\Temp\JETA7A3.tmp
Present !! : C:\Windows\Temp\JETBFA6.tmp
Present !! : C:\Windows\Temp\JETC679.tmp
Present !! : C:\Windows\Temp\JETCC43.tmp
Present !! : C:\Windows\Temp\JETCED2.tmp
Present !! : C:\Windows\Temp\JETF46C.tmp
Present !! : C:\Users\nico\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Users\nico\Local Settings\Temp\B95.tmp
Present !! : C:\Users\nico\LOCAL Settings\Temp\SSUPDATE.EXE
Present !! : C:\Users\nico\LOCAL Settings\Temp\ubi40B3.tmp.exe
Present !! : C:\Users\nico\LOCAL Settings\Temp\UpdateDM.exe
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : "HKLM\Software\Trymedia Systems"
Present !! : HKCR\ImageOle.GifAnimator
Present !! : HKCR\ImageOle.GifAnimator.1
Present !! : HKCR\interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
Present !! : HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
Present !! : HKCU\software\Iminent
Present !! : HKLM\SOFTWARE\Classes\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}
Present !! : HKLM\Software\Conduit
Present !! : HKLM\Software\Freeze.com
Present !! : HKLM\software\Iminent
FEATURE_BROWSER_EMULATION | svchost :
====================================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-07 06:30:26
Windows 6.1.7600 FAT NTAPI
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x857801F8]<<
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 (0x1)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 6:31:03,91
User : nico (Administrateurs)
Update on 05/09/2010 by g3n-h@ckm@n ::::: 08.15
Start at: 06:15:38 | 07/09/2010
Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Microsoft Windows 7 Édition Intégrale (6.1.7600 32-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 327,35 Go (159,5 Go free) [HDD] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
Boot: Normal
¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer
C:\Windows\System32\smss.exe ---- 92 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\Windows\system32\csrss.exe ---- 2792 Ko ---- Normal ---- %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ----
C:\Windows\system32\csrss.exe ---- 5176 Ko ---- Normal ---- %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ----
C:\Windows\system32\wininit.exe ---- 188 Ko ---- High ---- wininit.exe ----
C:\Windows\system32\winlogon.exe ---- 1684 Ko ---- High ---- winlogon.exe ----
C:\Windows\system32\services.exe ---- 5064 Ko ---- Normal ---- C:\Windows\system32\services.exe ----
C:\Windows\system32\lsass.exe ---- 5916 Ko ---- Normal ---- C:\Windows\system32\lsass.exe ----
C:\Windows\system32\lsm.exe ---- 1456 Ko ---- Normal ---- C:\Windows\system32\lsm.exe ----
C:\Windows\system32\svchost.exe ---- 4332 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k DcomLaunch ----
C:\Windows\system32\svchost.exe ---- 4488 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k RPCSS ----
C:\Windows\System32\svchost.exe ---- 12856 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted ----
C:\Windows\System32\svchost.exe ---- 79504 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted ----
C:\Windows\system32\svchost.exe ---- 34860 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k netsvcs ----
C:\Windows\system32\svchost.exe ---- 11188 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalService ----
C:\Program Files\Avira\AntiVir Desktop\sched.exe ---- 1724 Ko ---- Normal ---- "C:\Program Files\Avira\AntiVir Desktop\sched.exe" ----
C:\Windows\system32\Dwm.exe ---- 22208 Ko ---- High ---- "C:\Windows\system32\Dwm.exe" ----
C:\Windows\system32\svchost.exe ---- 8688 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork ----
C:\Windows\System32\svchost.exe ---- 45256 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k NetworkService ----
C:\Program Files\Avira\AntiVir Desktop\avguard.exe ---- 18856 Ko ---- Normal ---- "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" ----
C:\Windows\system32\svchost.exe ---- 9144 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation ----
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ---- 2716 Ko ---- Normal ---- "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min ----
C:\Windows\system32\svchost.exe ---- 4384 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k imgsvc ----
C:\Windows\System32\svchost.exe ---- 40152 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k secsvcs ----
C:\Windows\system32\svchost.exe ---- 2860 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted ----
C:\Windows\System32\svchost.exe ---- 9264 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalServicePeerNet ----
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe ---- 7192 Ko ---- Normal ---- "C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe" ---- Nero AG
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ---- 8920 Ko ---- Normal ---- "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" ---- Microsoft Corporation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe ---- 2408 Ko ---- Normal ---- WLIDSvcM.exe 4432 ---- Microsoft Corporation
C:\Windows\System32\spoolsv.exe ---- 9948 Ko ---- Normal ---- C:\Windows\System32\spoolsv.exe ----
C:\Windows\system32\srvany.exe ---- 2144 Ko ---- Normal ---- C:\Windows\system32\srvany.exe ----
C:\Windows\KMService.exe ---- 2548 Ko ---- Normal ---- C:\Windows\KMService.exe ----
C:\Windows\system32\conhost.exe ---- 2372 Ko ---- Normal ---- \??\C:\Windows\system32\conhost.exe ----
C:\Windows\Explorer.exe ---- 72612 Ko ---- Normal ---- Explorer.exe ----
C:\Windows\system32\sppsvc.exe ---- 4752 Ko ---- Normal ---- C:\Windows\system32\sppsvc.exe ----
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ---- 7896 Ko ---- Normal ---- "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" ---- Microsoft Corporation
C:\Windows\System32\dinotify.exe ---- 4632 Ko ---- Normal ---- "C:\Windows\System32\dinotify.exe" pnpui.dll,SimplifiedDINotification ----
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE ---- 9288 Ko ---- Normal ---- "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" ---- Microsoft Corporation
C:\Windows\explorer.exe ---- 25824 Ko ---- Normal ---- C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding ----
C:\Windows\System32\svchost.exe ---- 3912 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k swprv ----
C:\Program Files\Mozilla Firefox\firefox.exe ---- 112252 Ko ---- Normal ---- "C:\Program Files\Mozilla Firefox\firefox.exe" ---- Mozilla Corporation
C:\Program Files\Megaupload\Mega Manager\MegaManager.exe ---- 48688 Ko ---- Normal ---- "C:\Program Files\Megaupload\Mega Manager\MegaManager.exe" /Add /URL=http://sd-4.archive-host.com/membres/up/829108531491024/Mes_Tools/List_Killem_Install.exe ----
C:\Windows\explorer.exe ---- 34720 Ko ---- Normal ---- C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding ----
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe ---- 17344 Ko ---- Normal ---- "C:\Program Files\Avira\AntiVir Desktop\avcenter.exe" ----
C:\Windows\system32\AUDIODG.EXE ---- 15704 Ko ---- Normal ---- C:\Windows\system32\AUDIODG.EXE 0xaf4 ----
C:\Windows\system32\taskhost.exe ---- 11200 Ko ---- Below Normal ---- taskhost.exe $(Arg0) ----
C:\Windows\system32\cmd.exe ---- 2756 Ko ---- Normal ---- C:\Windows\system32\cmd.exe /K List'em.bat ----
C:\Windows\system32\conhost.exe ---- 4028 Ko ---- Normal ---- \??\C:\Windows\system32\conhost.exe ----
C:\Windows\system32\wbem\wmiprvse.exe ---- 7920 Ko ---- Normal ---- C:\Windows\system32\wbem\wmiprvse.exe ----
C:\Windows\system32\DllHost.exe ---- 4280 Ko ---- Normal ---- C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} ----
C:\Program Files\List_Kill'em\pv.exe ---- 4296 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----
¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ehTray.exe = C:\Windows\ehome\ehTray.exe
ISUSPM = "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
WindowsLivePhone = "C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
RtHDVCpl = RtHDVCpl.exe
KMConfig = "C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\StartAutorun.exe" KMConfig.exe
WindowsLivePhone = C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe /AutoRun
avgnt = "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
NPSStartup =
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
@ =
¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin = 2 (0x2)
ConsentPromptBehaviorUser = 3 (0x3)
EnableInstallerDetection = 1 (0x1)
EnableLUA = 1 (0x1)
EnableSecureUIAPaths = 1 (0x1)
EnableUIADesktopToggle = 0 (0x0)
EnableVirtualization = 1 (0x1)
PromptOnSecureDesktop = 1 (0x1)
ValidateAdminCodeSignatures = 0 (0x0)
dontdisplaylastusername = 0 (0x0)
legalnoticecaption =
scforceoption = 0 (0x0)
shutdownwithoutlogon = 1 (0x1)
undockwithoutlogon = 1 (0x1)
FilterAdministratorToken = 0 (0x0)
legalnoticetext =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 0 (0x0)
NoDriveAutoRun = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage = 0 (0x0)
NoDriveAutoRun = 0 (0x0)
NoDriveTypeAutoRun = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk = 1
Shell = Explorer.exe
PreCreateKnownFolders = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
Userinit = C:\Windows\system32\Userinit.exe,
VMApplet = SystemPropertiesPerformance.exe /pagefile
AutoRestartShell = 1 (0x1)
Background = 0 0 0
CachedLogonsCount = 10
DebugServerCommand = no
ForceUnlockLogon = 0 (0x0)
LegalNoticeCaption =
LegalNoticeText =
PowerdownAfterShutdown = 0
ShutdownWithoutLogon = 0
WinStationsDisabled = 0
DisableCAD = 1 (0x1)
scremoveoption = 0
ShutdownFlags = 43 (0x2b)
PasswordExpiryWarning = 14 (0xe)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} =
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Program Files\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe = C:\Program Files\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{8AA6CB35-67D7-45A2-B1F4-C87EC19E4522}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{23A20C3C-2ADD-4A80-AFB4-C146F8847D79}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{25FFAAD0-F4A3-4164-95FF-4461E9F35D51}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{47B3BDBB-F2AE-4B55-95C8-921C25DB3B76}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{49C187D7-91E1-459E-9759-2925384BD397}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A604D2C-E968-429B-8327-62B5CE52126D}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9793EDE2-499E-4A14-8220-523691D8F91B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A59B76D1-5E3B-4893-BB7F-AF69B2570A73}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BFA2E378-31D9-4595-AFA9-CA19E610DC0F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FE600E50-2C69-46D5-ACAA-2B617006245C}]
¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7A362E12-0AD3-4A47-9E38-33501CB42C6B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7A362E12-0AD3-4A47-9E38-33501CB42C6B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7A362E12-0AD3-4A47-9E38-33501CB42C6B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\Windows\System32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\Windows\system32\blank.htm
Search Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2fbr%2faccess%2fallinone.asp%3f
¤¤¤¤¤ Proxy Internet Explorer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Proxy Firefox ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ TaskCache ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\Apple]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\Microsoft]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\NeroLiveEpgUpdate-PC-de-nico_nico]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\OfficeSoftwareProtectionPlatform]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\User_Feed_Synchronization-{B421EAB9-5185-4D90-80A9-2C88666196FA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\WPD]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{0CC3CCE2-EF71-4AEC-A8C3-91009731B1B0}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{0E14BA34-748F-4DC6-81FD-337AB133064B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{1680D831-584F-43F5-B041-EF03D69C08D5}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{3768E576-5F96-4E74-90CE-F9DBD54D408E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{7A02ACB2-3C55-4EE3-8EB6-7B6FE4AFC894}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{9D803F9C-C529-4A60-B4A9-DBEA603D978C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{9F5ABC2E-3B6A-4DA8-837E-7417F2399891}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{C4939208-54D4-4813-AB28-698B8CB1FBC2}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{D5AFDE10-8306-4246-8BD2-E1C2FAA1749E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{DDE31F42-824B-4A08-BCCA-AE751B94F1BA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{F400CB41-BD2D-4CF6-8407-305E49518030}]
¤¤¤¤¤¤¤¤¤¤ IFEO ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DllNXOptions]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IEInstal.exe]
¤¤¤¤¤¤¤¤¤¤ File Protection ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
KnownDllList = nlhtml.dll
¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤
C:\Windows\System32\drivers\atapi.sys :
[MD5.338c86357871c167a96ab976519bf59e]
[SHA256.f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6]
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys :
[MD5.338c86357871c167a96ab976519bf59e]
[SHA256.f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6]
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys :
[MD5.338c86357871c167a96ab976519bf59e]
[SHA256.f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6]
¤¤¤¤¤ Reference
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
¤¤¤¤¤¤¤¤¤¤ Drive ¤¤¤¤¤¤¤¤¤¤
D'fragmenteur de disque Microsoft
Copyright (c) 2007 Microsoft Corp.
Invocation de analyse sur HDD (C:)...
L'op'ration a r'ussi.
Post Defragmentation Report:
Informations sur le volumeÿ:
Taille du volume = 327,34 Go
Espace libre = 159,50 Go
Quantit' totale d'espace fragment' = 2%
Taille maximale d'espace libre = 18,39 Go
Remarqueÿ: les fragments de fichier de plus de 64ÿMo ne sont pas inclus dans les statistiques de fragmentation.
Il n'est pas n'cessaire de d'fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Rogues Infections ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤
Present !! : C:\install.exe
Present !! : C:\ProgramData\LauncherAccess.dt
Present !! : C:\ProgramData\LauncherAccess.dt
Present !! : C:\ProgramData\LauncherAccess.dt
Present !! : C:\ProgramData\LauncherAccess.dt
Present !! : C:\ProgramData\Trymedia
Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadD500.exe
Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadX800.exe
Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadZ510.exe
Present !! : C:\Windows\Fonts\GRGAREF.TTF
Present !! : C:\Windows\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}
Present !! : C:\Windows\Temp\JET4162.tmp
Present !! : C:\Windows\Temp\JET44AD.tmp
Present !! : C:\Windows\Temp\JET4FA5.tmp
Present !! : C:\Windows\Temp\JET5282.tmp
Present !! : C:\Windows\Temp\JET5BF4.tmp
Present !! : C:\Windows\Temp\JET67E6.tmp
Present !! : C:\Windows\Temp\JET7A0F.tmp
Present !! : C:\Windows\Temp\JET8F53.tmp
Present !! : C:\Windows\Temp\JET9B06.tmp
Present !! : C:\Windows\Temp\JET9F1B.tmp
Present !! : C:\Windows\Temp\JETA3EC.tmp
Present !! : C:\Windows\Temp\JETA7A3.tmp
Present !! : C:\Windows\Temp\JETBFA6.tmp
Present !! : C:\Windows\Temp\JETC679.tmp
Present !! : C:\Windows\Temp\JETCC43.tmp
Present !! : C:\Windows\Temp\JETCED2.tmp
Present !! : C:\Windows\Temp\JETF46C.tmp
Present !! : C:\Users\nico\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Users\nico\Local Settings\Temp\B95.tmp
Present !! : C:\Users\nico\LOCAL Settings\Temp\SSUPDATE.EXE
Present !! : C:\Users\nico\LOCAL Settings\Temp\ubi40B3.tmp.exe
Present !! : C:\Users\nico\LOCAL Settings\Temp\UpdateDM.exe
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : "HKLM\Software\Trymedia Systems"
Present !! : HKCR\ImageOle.GifAnimator
Present !! : HKCR\ImageOle.GifAnimator.1
Present !! : HKCR\interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
Present !! : HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
Present !! : HKCU\software\Iminent
Present !! : HKLM\SOFTWARE\Classes\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}
Present !! : HKLM\Software\Conduit
Present !! : HKLM\Software\Freeze.com
Present !! : HKLM\software\Iminent
FEATURE_BROWSER_EMULATION | svchost :
====================================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-07 06:30:26
Windows 6.1.7600 FAT NTAPI
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x857801F8]<<
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 (0x1)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 6:31:03,91
nicoroger
Messages postés
688
Date d'inscription
mardi 3 février 2009
Statut
Membre
Dernière intervention
20 mai 2017
69
7 sept. 2010 à 06:34
7 sept. 2010 à 06:34
¤¤¤¤¤¤¤¤¤¤ More informations ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤ DLLs ¤¤¤¤¤¤¤¤¤¤
------------------------------------------------------------------------------
explorer.exe pid: 1760
Command line: Explorer.exe
Base Size Version Path
0x00970000 0x281000 6.01.7600.16450 C:\Windows\Explorer.exe
0x77670000 0x13c000 6.01.7600.16559 C:\Windows\SYSTEM32\ntdll.dll
0x761a0000 0xd4000 6.01.7600.16481 C:\Windows\system32\kernel32.dll
0x75950000 0x4a000 6.01.7600.16385 C:\Windows\system32\KERNELBASE.dll
0x77220000 0xa0000 6.01.7600.16385 C:\Windows\system32\ADVAPI32.dll
0x777b0000 0xac000 7.00.7600.16385 C:\Windows\system32\msvcrt.dll
0x77180000 0x19000 6.01.7600.16385 C:\Windows\SYSTEM32\sechost.dll
0x75f00000 0xa1000 6.01.7600.16385 C:\Windows\system32\RPCRT4.dll
0x75eb0000 0x4e000 6.01.7600.16400 C:\Windows\system32\GDI32.dll
0x770b0000 0xc9000 6.01.7600.16385 C:\Windows\system32\USER32.dll
0x770a0000 0xa000 6.01.7600.16385 C:\Windows\system32\LPK.dll
0x75ad0000 0x9d000 1.626.7600.16385 C:\Windows\system32\USP10.dll
0x77370000 0x57000 6.01.7600.16385 C:\Windows\system32\SHLWAPI.dll
0x76280000 0xc49000 6.01.7600.16644 C:\Windows\system32\SHELL32.dll
0x76ed0000 0x15c000 6.01.7600.16385 C:\Windows\system32\ole32.dll
0x75ff0000 0x8f000 6.01.7600.16567 C:\Windows\system32\OLEAUT32.dll
0x741e0000 0x16f000 6.01.7600.16385 C:\Windows\system32\EXPLORERFRAME.dll
0x74b10000 0x2f000 6.01.7600.16385 C:\Windows\system32\DUser.dll
0x74a50000 0xb2000 6.01.7600.16385 C:\Windows\system32\DUI70.dll
0x772c0000 0x1f000 6.01.7600.16385 C:\Windows\system32\IMM32.dll
0x760d0000 0xcc000 6.01.7600.16385 C:\Windows\system32\MSCTF.dll
0x743c0000 0x40000 6.01.7600.16385 C:\Windows\system32\UxTheme.dll
0x74670000 0x25000 6.01.7600.16385 C:\Windows\system32\POWRPROF.dll
0x773d0000 0x19d000 6.01.7600.16385 C:\Windows\system32\SETUPAPI.dll
0x75840000 0x27000 6.01.7600.16385 C:\Windows\system32\CFGMGR32.dll
0x75870000 0x12000 6.01.7600.16385 C:\Windows\system32\DEVOBJ.dll
0x74420000 0x13000 6.01.7600.16385 C:\Windows\system32\dwmapi.dll
0x73a30000 0xa000 6.01.7600.16385 C:\Windows\system32\slc.dll
0x73520000 0x190000 6.01.7600.16385 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
0x75550000 0x8000 6.01.7600.16385 C:\Windows\system32\Secur32.dll
0x756a0000 0x1a000 6.01.7600.16385 C:\Windows\system32\SSPICLI.DLL
0x744f0000 0xf5000 7.00.7600.16385 C:\Windows\system32\PROPSYS.dll
0x75710000 0xc000 6.01.7600.16385 C:\Windows\system32\CRYPTBASE.dll
0x746d0000 0x19e000 6.10.7600.16400 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16400_none_4209f94e2b866170\comctl32.dll
0x74040000 0xfb000 6.01.7600.16385 C:\Windows\system32\WindowsCodecs.dll
0x757c0000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll
0x756c0000 0x4b000 6.01.7600.16481 C:\Windows\system32\apphelp.dll
0x772e0000 0x83000 2001.12.8530.16385 C:\Windows\system32\CLBCatQ.DLL
0x74a10000 0x31000 6.01.7600.16385 C:\Windows\system32\EhStorShell.dll
0x72d00000 0x40b000 14.00.4761.1000 C:\Program Files\MICROS~3\Office14\GROOVEEX.DLL
0x72160000 0xa3000 9.00.30729.4926 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCR90.dll
0x720d0000 0x8e000 9.00.30729.4926 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCP90.dll
0x749e0000 0x2b000 9.00.30729.4148 C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.DLL
0x73110000 0x40f000 14.00.4738.1000 C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\office.odf
0x69420000 0x886000 14.00.4761.1000 C:\Program Files\MICROS~3\Office14\1036\GrooveIntlResource.dll
0x74170000 0x6a000 6.01.7600.16385 C:\Windows\System32\cscui.dll
0x749d0000 0x9000 6.01.7600.16385 C:\Windows\System32\CSCDLL.dll
0x715e0000 0xb000 6.01.7600.16385 C:\Windows\system32\CSCAPI.dll
0x74350000 0x6f000 6.01.7600.16385 C:\Windows\system32\ntshrui.dll
0x75430000 0x19000 6.01.7600.16385 C:\Windows\system32\srvcli.dll
0x74ba0000 0x6000 6.01.7600.16385 C:\Windows\system32\IconCodecService.dll
0x75240000 0x16000 6.01.7600.16385 C:\Windows\system32\CRYPTSP.dll
0x74fe0000 0x3b000 6.01.7600.16385 C:\Windows\system32\rsaenh.dll
0x757b0000 0xe000 6.01.7600.16385 C:\Windows\system32\RpcRtRemote.dll
0x74440000 0x38000 6.01.7600.16385 C:\Windows\system32\SndVolSSO.DLL
0x749c0000 0x9000 6.01.7600.16385 C:\Windows\system32\HID.DLL
0x74630000 0x39000 6.01.7600.16385 C:\Windows\System32\MMDevApi.dll
0x73d60000 0x78000 6.01.7600.16385 C:\Windows\system32\timedate.cpl
0x73b30000 0x14000 3.05.2284.0000 C:\Windows\system32\ATL.DLL
0x6f8c0000 0x4e000 6.01.7600.16385 C:\Windows\system32\actxprxy.dll
0x745f0000 0x21000 6.01.7600.16385 C:\Windows\system32\ntmarta.dll
0x76080000 0x45000 6.01.7600.16385 C:\Windows\system32\WLDAP32.dll
0x74010000 0x2e000 6.01.7600.16385 C:\Windows\System32\shdocvw.dll
0x710f0000 0x7000 5.00.7600.16385 C:\Windows\system32\msiltcfg.dll
0x74cc0000 0x9000 6.01.7600.16385 C:\Windows\system32\VERSION.dll
0x6f3e0000 0x240000 5.00.7600.16385 C:\Windows\system32\msi.dll
0x749b0000 0x9000 6.01.7600.16385 C:\Windows\system32\LINKINFO.dll
0x70d00000 0x278000 6.01.7600.16385 C:\Windows\System32\gameux.dll
0x74140000 0x2f000 1.03.1000.0000 C:\Windows\System32\XmlLite.dll
0x759a0000 0x11c000 6.01.7600.16385 C:\Windows\system32\CRYPT32.dll
0x75830000 0xc000 6.01.7600.16415 C:\Windows\system32\MSASN1.dll
0x6f010000 0x60000 6.01.7600.16385 C:\Windows\System32\wer.dll
0x744b0000 0x12000 6.01.7600.16385 C:\Windows\system32\SAMLIB.dll
0x73f00000 0xf000 6.01.7600.16385 C:\Windows\system32\samcli.dll
0x73f20000 0x9000 6.01.7600.16385 C:\Windows\system32\netutils.dll
0x737a0000 0x94000 5.41.0021.2509 C:\Windows\system32\MsftEdit.dll
0x73fe0000 0x2a000 3.10.0349.0000 C:\Windows\system32\msls31.dll
0x73d00000 0x58000 6.01.7600.16385 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
0x72b40000 0x1b7000 6.01.7600.16385 C:\Windows\system32\authui.dll
0x727b0000 0xf8000 6.01.7600.16385 C:\Windows\system32\CRYPTUI.dll
0x77890000 0x5000 6.01.7600.16385 C:\Windows\system32\PSAPI.DLL
0x706a0000 0x198000 6.01.7600.16385 C:\Windows\system32\NetworkExplorer.dll
0x73980000 0x32000 6.01.7600.16385 C:\Windows\system32\WINMM.dll
0x746b0000 0x1b000 6.01.7600.16385 C:\Windows\System32\UIAnimation.dll
0x73f90000 0x30000 6.01.7600.16385 C:\Windows\system32\wdmaud.drv
0x74410000 0x4000 6.01.7600.16385 C:\Windows\system32\ksuser.dll
0x746a0000 0x7000 6.01.7600.16385 C:\Windows\system32\AVRT.dll
0x6e730000 0x36000 6.01.7600.16385 C:\Windows\system32\AUDIOSES.DLL
0x74620000 0x8000 6.01.7600.16385 C:\Windows\system32\msacm32.drv
0x73ea0000 0x14000 6.01.7600.16385 C:\Windows\system32\MSACM32.dll
0x744e0000 0x7000 6.01.7600.16385 C:\Windows\system32\midimap.dll
0x739f0000 0x39000 6.01.7600.16385 C:\Windows\system32\stobject.dll
0x736e0000 0xb7000 6.01.7600.16385 C:\Windows\system32\BatMeter.dll
0x75780000 0x29000 6.01.7600.16385 C:\Windows\system32\WINSTA.dll
0x74400000 0xd000 6.01.7600.16385 C:\Windows\system32\WTSAPI32.dll
0x73a40000 0x47000 2001.12.8530.16385 C:\Windows\system32\es.dll
0x72ad0000 0x64000 6.01.7600.16385 C:\Windows\system32\prnfldr.dll
0x71fc0000 0x51000 6.01.7600.16385 C:\Windows\system32\WINSPOOL.DRV
0x729f0000 0x64000 6.01.7600.16385 C:\Windows\system32\dxp.dll
0x75d70000 0x135000 8.00.7600.16625 C:\Windows\system32\urlmon.dll
0x75b70000 0x1f9000 8.00.7600.16385 C:\Windows\system32\iertutil.dll
0x75920000 0x2d000 6.01.7600.16493 C:\Windows\system32\WINTRUST.dll
0x744d0000 0x10000 2007.94.7600.16385 C:\Windows\system32\Syncreg.dll
0x73fd0000 0x8000 6.01.7600.16385 C:\Windows\ehome\ehSSO.dll
0x6e450000 0x265000 6.01.7600.16385 C:\Windows\System32\netshell.dll
0x73910000 0x1c000 6.01.7600.16385 C:\Windows\System32\IPHLPAPI.DLL
0x75ac0000 0x6000 6.01.7600.16385 C:\Windows\system32\NSI.dll
0x73900000 0x7000 6.01.7600.16385 C:\Windows\System32\WINNSI.DLL
0x73bb0000 0x10000 6.01.7600.16385 C:\Windows\System32\nlaapi.dll
0x73f80000 0xe000 6.01.7600.16385 C:\Windows\System32\AltTab.dll
0x736c0000 0x1d000 6.01.7600.16385 C:\Windows\system32\wpdshserviceobj.dll
0x72780000 0x2b000 6.01.7600.16385 C:\Windows\system32\PortableDeviceTypes.dll
0x71c80000 0x89000 6.01.7600.16385 C:\Windows\system32\PortableDeviceApi.dll
0x704f0000 0x1ae000 6.01.7600.16385 C:\Windows\System32\pnidui.dll
0x722a0000 0x17000 6.01.7600.16385 C:\Windows\System32\QUtil.dll
0x753e0000 0x42000 6.01.7600.16385 C:\Windows\System32\wevtapi.dll
0x738a0000 0xd000 6.01.7600.16385 C:\Windows\system32\dhcpcsvc6.DLL
0x75fb0000 0x35000 6.01.7600.16385 C:\Windows\system32\WS2_32.dll
0x723a0000 0x12000 6.01.7600.16385 C:\Windows\system32\dhcpcsvc.DLL
0x74e20000 0x17000 6.01.7600.16385 C:\Windows\system32\USERENV.dll
0x74fc0000 0x8000 6.01.7600.16385 C:\Windows\system32\credssp.dll
0x712b0000 0x8000 6.01.7600.16385 C:\Windows\System32\npmproxy.dll
0x6e130000 0x25000 6.01.7600.16385 C:\Windows\System32\cscobj.dll
0x72080000 0x4d000 7.00.7600.16385 C:\Windows\System32\srchadmin.dll
0x6c780000 0x16000 6.01.7600.16385 C:\Windows\system32\Wlanapi.dll
0x6c7d0000 0x6000 6.01.7600.16385 C:\Windows\system32\wlanutil.dll
0x71bc0000 0x48000 6.01.7600.16385 C:\Windows\system32\wwanapi.dll
0x73f60000 0xa000 8.01.0002.0000 C:\Windows\system32\wwapi.dll
0x72020000 0x2e000 6.01.7600.16385 C:\Windows\System32\QAgent.dll
0x71a10000 0xb0000 6.01.7600.16385 C:\Windows\System32\bthprops.cpl
0x67650000 0xa7e000 8.00.7600.16625 C:\Windows\System32\ieframe.dll
0x71920000 0x3c000 7.00.0000.0000 C:\Windows\System32\OLEACC.dll
0x702e0000 0x20e000 6.01.7600.16385 C:\Windows\System32\SyncCenter.dll
0x70c40000 0xba000 6.01.7600.16385 C:\Windows\System32\Actioncenter.dll
0x71870000 0x64000 6.01.7600.16385 C:\Windows\system32\imapi2.dll
0x71660000 0x4f000 6.01.7600.16385 C:\Windows\System32\hgcpl.dll
0x73ed0000 0x2b000 6.01.7600.16385 C:\Windows\System32\provsvc.dll
0x73f10000 0xf000 6.01.7600.16385 C:\Windows\system32\wkscli.dll
0x70200000 0xd2000 6.01.7600.16385 C:\Windows\system32\fxsst.dll
0x71620000 0x3a000 6.01.7600.16385 C:\Windows\system32\FXSAPI.dll
0x70110000 0xe3000 6.01.7600.16385 C:\Windows\system32\FXSRESM.DLL
0x75720000 0x5f000 6.01.7600.16400 C:\Windows\system32\SXS.DLL
0x71600000 0x1a000 6.01.7600.16385 C:\Windows\System32\wscinterop.dll
0x6f880000 0xf000 6.01.7600.16385 C:\Windows\System32\WSCAPI.dll
0x6fef0000 0x11a000 6.01.7600.16385 C:\Windows\System32\wscui.cpl
0x6fde0000 0x106000 6.01.7600.16385 C:\Windows\System32\werconcpl.dll
0x71150000 0x35000 6.01.7600.16385 C:\Windows\System32\framedynos.dll
0x71500000 0x12000 6.01.7600.16385 C:\Windows\System32\wercplsupport.dll
0x71b50000 0x9000 6.01.7600.16385 C:\Windows\System32\hcproviders.dll
0x6bf30000 0x2b000 8.00.7600.16625 C:\Program Files\Internet Explorer\ieproxy.dll
0x6e380000 0x9f000 6.01.7600.16385 C:\Windows\system32\SearchFolder.dll
0x6ecc0000 0x5c000 7.00.7600.16385 C:\Windows\System32\StructuredQuery.dll
0x6f8a0000 0x16000 6.01.7600.16385 C:\Windows\system32\thumbcache.dll
0x74cd0000 0x76000 6.01.7600.16385 C:\Windows\system32\FirewallAPI.dll
0x72050000 0x12000 6.01.7600.16385 C:\Windows\system32\MPR.dll
0x6e320000 0x52000 6.01.7600.16385 C:\Windows\system32\zipfldr.dll
0x6eca0000 0xd000 6.01.7600.16385 C:\Windows\system32\dfscli.dll
0x6e6e0000 0xd000 6.01.7600.16385 C:\Windows\system32\browcli.dll
0x75200000 0x3c000 6.01.7600.16385 C:\Windows\system32\mswsock.dll
0x750c0000 0x44000 6.01.7600.16385 C:\Windows\system32\DNSAPI.dll
0x71d80000 0x6000 6.01.7600.16385 C:\Windows\system32\rasadhlp.dll
0x74e40000 0xe000 6.01.7600.16385 C:\Windows\system32\DEVRTL.dll
0x6d4a0000 0x33000 6.01.7600.16385 C:\Program Files\Windows Portable Devices\SqmApi.dll
0x6f2c0000 0x22000 6.01.7600.16385 C:\Windows\system32\EhStorAPI.dll
0x6ed20000 0xc6000 6.01.7600.16385 C:\Windows\System32\NaturalLanguage6.dll
0x6c460000 0x28f000 6.01.7600.16385 C:\Windows\System32\NLSData000c.dll
0x67050000 0x5f4000 6.01.7600.16385 C:\Windows\System32\NLSLexicons000c.dll
0x10000000 0x1e000 3.03.0000.0005 C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
0x77570000 0xf4000 8.00.7600.16625 C:\Windows\system32\WININET.dll
0x77090000 0x3000 6.01.7600.16385 C:\Windows\system32\Normaliz.dll
0x6d9c0000 0x238000 6.01.7600.16385 C:\Windows\system32\wpdshext.dll
0x6a770000 0x30b000 12.00.7600.16385 C:\Windows\System32\mf.dll
0x6d6c0000 0x59000 12.00.7600.16385 C:\Windows\System32\MFPlat.DLL
0x3e200000 0x24000 1.02.0000.0001 C:\Windows\system32\nvshext.dll
0x0df50000 0x10f000 8.16.0011.9107 C:\Windows\system32\nvapi.dll
0x6fb00000 0x17000 6.01.7600.16385 C:\Program Files\Windows Sidebar\sbdrop.dll
0x6f190000 0x44000 6.01.7600.16385 C:\Windows\system32\lzhfldr2.dll
0x03430000 0x2e000 3.80.0000.0000 C:\Program Files\WinRAR\rarext.dll
0x025d0000 0x4c000 9.00.0000.0004 C:\Program Files\Avira\AntiVir Desktop\shlext.dll
0x02720000 0x32000 4.06.0000.0000 C:\Program Files\PowerISO\PWRISOSH.DLL
0x02590000 0x12000 1.02.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x0c4a0000 0x173000 3.01.0000.0001 c:\Program Files\Alex Feinman\ISO Recorder\ISORecorder.dll
0x771a0000 0x7b000 6.01.7600.16385 C:\Windows\system32\COMDLG32.dll
0x6f0d0000 0x29000 6.01.7600.16385 C:\Windows\system32\syncui.dll
0x6f960000 0x16000 6.01.7600.16385 C:\Windows\system32\SYNCENG.dll
0x6faf0000 0xc000 6.01.7600.16385 C:\Program Files\Windows Photo Viewer\PhotoBase.dll
0x03f20000 0xf000 1.00.0000.1004 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
0x6f0a0000 0x27000 6.01.7600.16385 C:\Windows\system32\twext.dll
0x6d960000 0x3000 6.01.7600.16385 C:\Windows\system32\SFC.DLL
0x6dc60000 0xd000 6.01.7600.16385 C:\Windows\system32\sfc_os.DLL
0x6fd70000 0x24000 6.01.7600.16500 C:\Windows\system32\cabview.dll
0x5e8a0000 0x9f000 6.01.7600.16385 C:\Windows\system32\van.dll
0x5e6e0000 0xd3000 6.01.7600.16385 C:\Windows\system32\RasMM.dll
0x73e00000 0x52000 6.01.7600.16385 C:\Windows\system32\RASAPI32.dll
0x73de0000 0x15000 6.01.7600.16385 C:\Windows\system32\rasman.dll
0x73fc0000 0xd000 6.01.7600.16617 C:\Windows\system32\rtutils.dll
0x73a90000 0x9000 6.01.7600.16385 C:\Windows\system32\dsrole.dll
0x70f80000 0x157000 6.30.7600.16385 C:\Windows\System32\msxml6.dll
0x595f0000 0xa7000 8.01.0002.0000 C:\Windows\system32\WWanMM.dll
0x59530000 0xb9000 6.01.7600.16385 C:\Windows\system32\WlanMM.dll
0x5e660000 0x17000 6.01.7600.16385 C:\Windows\system32\wlanhlp.dll
0x5e620000 0x34000 6.01.7600.16385 C:\Windows\system32\OneX.DLL
0x5e600000 0x11000 6.01.7600.16385 C:\Windows\system32\eappprxy.dll
0x5e5d0000 0x2f000 6.01.7600.16385 C:\Windows\system32\eappcfg.dll
0x6fc40000 0x8000 6.01.7600.16385 C:\Windows\System32\drprov.dll
0x6f930000 0x14000 6.01.7600.16385 C:\Windows\System32\ntlanman.dll
0x6f910000 0x16000 6.01.7600.16385 C:\Windows\System32\davclnt.dll
0x70b70000 0x8000 6.01.7600.16385 C:\Windows\System32\DAVHLPR.dll
0x728b0000 0x132000 8.110.7600.16605 C:\Windows\System32\msxml3.dll
0x024f0000 0xf000 C:\Users\nico\AppData\Local\Temp\catchme.dll
------------------------------------------------------------------------------
explorer.exe pid: 3840
Command line: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Base Size Version Path
0x00970000 0x281000 6.01.7600.16450 C:\Windows\explorer.exe
0x77670000 0x13c000 6.01.7600.16559 C:\Windows\SYSTEM32\ntdll.dll
0x761a0000 0xd4000 6.01.7600.16481 C:\Windows\system32\kernel32.dll
0x75950000 0x4a000 6.01.7600.16385 C:\Windows\system32\KERNELBASE.dll
0x77220000 0xa0000 6.01.7600.16385 C:\Windows\system32\ADVAPI32.dll
0x777b0000 0xac000 7.00.7600.16385 C:\Windows\system32\msvcrt.dll
0x77180000 0x19000 6.01.7600.16385 C:\Windows\SYSTEM32\sechost.dll
0x75f00000 0xa1000 6.01.7600.16385 C:\Windows\system32\RPCRT4.dll
0x75eb0000 0x4e000 6.01.7600.16400 C:\Windows\system32\GDI32.dll
0x770b0000 0xc9000 6.01.7600.16385 C:\Windows\system32\USER32.dll
0x770a0000 0xa000 6.01.7600.16385 C:\Windows\system32\LPK.dll
0x75ad0000 0x9d000 1.626.7600.16385 C:\Windows\system32\USP10.dll
0x77370000 0x57000 6.01.7600.16385 C:\Windows\system32\SHLWAPI.dll
0x76280000 0xc49000 6.01.7600.16644 C:\Windows\system32\SHELL32.dll
0x76ed0000 0x15c000 6.01.7600.16385 C:\Windows\system32\ole32.dll
0x75ff0000 0x8f000 6.01.7600.16567 C:\Windows\system32\OLEAUT32.dll
0x741e0000 0x16f000 6.01.7600.16385 C:\Windows\system32\EXPLORERFRAME.dll
0x74b10000 0x2f000 6.01.7600.16385 C:\Windows\system32\DUser.dll
0x74a50000 0xb2000 6.01.7600.16385 C:\Windows\system32\DUI70.dll
0x772c0000 0x1f000 6.01.7600.16385 C:\Windows\system32\IMM32.dll
0x760d0000 0xcc000 6.01.7600.16385 C:\Windows\system32\MSCTF.dll
0x743c0000 0x40000 6.01.7600.16385 C:\Windows\system32\UxTheme.dll
0x74670000 0x25000 6.01.7600.16385 C:\Windows\system32\POWRPROF.dll
0x773d0000 0x19d000 6.01.7600.16385 C:\Windows\system32\SETUPAPI.dll
0x75840000 0x27000 6.01.7600.16385 C:\Windows\system32\CFGMGR32.dll
0x75870000 0x12000 6.01.7600.16385 C:\Windows\system32\DEVOBJ.dll
0x74420000 0x13000 6.01.7600.16385 C:\Windows\system32\dwmapi.dll
0x73a30000 0xa000 6.01.7600.16385 C:\Windows\system32\slc.dll
0x73520000 0x190000 6.01.7600.16385 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
0x75550000 0x8000 6.01.7600.16385 C:\Windows\system32\Secur32.dll
0x756a0000 0x1a000 6.01.7600.16385 C:\Windows\system32\SSPICLI.DLL
0x744f0000 0xf5000 7.00.7600.16385 C:\Windows\system32\PROPSYS.dll
0x75710000 0xc000 6.01.7600.16385 C:\Windows\system32\CRYPTBASE.dll
0x746d0000 0x19e000 6.10.7600.16400 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16400_none_4209f94e2b866170\comctl32.dll
0x772e0000 0x83000 2001.12.8530.16385 C:\Windows\system32\CLBCatQ.DLL
0x75240000 0x16000 6.01.7600.16385 C:\Windows\system32\CRYPTSP.dll
0x74fe0000 0x3b000 6.01.7600.16385 C:\Windows\system32\rsaenh.dll
0x757b0000 0xe000 6.01.7600.16385 C:\Windows\system32\RpcRtRemote.dll
0x6f8c0000 0x4e000 6.01.7600.16385 C:\Windows\system32\actxprxy.dll
0x75720000 0x5f000 6.01.7600.16400 C:\Windows\system32\SXS.DLL
0x74040000 0xfb000 6.01.7600.16385 C:\Windows\system32\WindowsCodecs.dll
0x756c0000 0x4b000 6.01.7600.16481 C:\Windows\system32\apphelp.dll
0x74a10000 0x31000 6.01.7600.16385 C:\Windows\system32\EhStorShell.dll
0x72d00000 0x40b000 14.00.4761.1000 C:\Program Files\MICROS~3\Office14\GROOVEEX.DLL
0x72160000 0xa3000 9.00.30729.4926 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCR90.dll
0x720d0000 0x8e000 9.00.30729.4926 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCP90.dll
0x749e0000 0x2b000 9.00.30729.4148 C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.DLL
0x73110000 0x40f000 14.00.4738.1000 C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\office.odf
0x69420000 0x886000 14.00.4761.1000 C:\Program Files\MICROS~3\Office14\1036\GrooveIntlResource.dll
0x74170000 0x6a000 6.01.7600.16385 C:\Windows\System32\cscui.dll
0x749d0000 0x9000 6.01.7600.16385 C:\Windows\System32\CSCDLL.dll
0x715e0000 0xb000 6.01.7600.16385 C:\Windows\system32\CSCAPI.dll
0x74350000 0x6f000 6.01.7600.16385 C:\Windows\system32\ntshrui.dll
0x75430000 0x19000 6.01.7600.16385 C:\Windows\system32\srvcli.dll
0x737a0000 0x94000 5.41.0021.2509 C:\Windows\system32\MsftEdit.dll
0x73fe0000 0x2a000 3.10.0349.0000 C:\Windows\system32\msls31.dll
0x75d70000 0x135000 8.00.7600.16625 C:\Windows\system32\urlmon.dll
0x759a0000 0x11c000 6.01.7600.16385 C:\Windows\system32\CRYPT32.dll
0x75830000 0xc000 6.01.7600.16415 C:\Windows\system32\MSASN1.dll
0x75b70000 0x1f9000 8.00.7600.16385 C:\Windows\system32\iertutil.dll
0x757c0000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll
0x77570000 0xf4000 8.00.7600.16625 C:\Windows\system32\WININET.dll
0x77090000 0x3000 6.01.7600.16385 C:\Windows\system32\Normaliz.dll
0x74140000 0x2f000 1.03.1000.0000 C:\Windows\system32\xmllite.dll
0x6bf30000 0x2b000 8.00.7600.16625 C:\Program Files\Internet Explorer\ieproxy.dll
0x6f8a0000 0x16000 6.01.7600.16385 C:\Windows\system32\thumbcache.dll
0x77890000 0x5000 6.01.7600.16385 C:\Windows\system32\PSAPI.DLL
0x745f0000 0x21000 6.01.7600.16385 C:\Windows\system32\ntmarta.dll
0x76080000 0x45000 6.01.7600.16385 C:\Windows\system32\WLDAP32.dll
0x74010000 0x2e000 6.01.7600.16385 C:\Windows\system32\SHDOCVW.dll
0x67650000 0xa7e000 8.00.7600.16625 C:\Windows\system32\ieframe.DLL
0x71920000 0x3c000 7.00.0000.0000 C:\Windows\system32\OLEACC.dll
0x706a0000 0x198000 6.01.7600.16385 C:\Windows\system32\NetworkExplorer.dll
0x73f00000 0xf000 6.01.7600.16385 C:\Windows\system32\samcli.dll
0x744b0000 0x12000 6.01.7600.16385 C:\Windows\system32\SAMLIB.dll
0x73f20000 0x9000 6.01.7600.16385 C:\Windows\system32\netutils.dll
0x749b0000 0x9000 6.01.7600.16385 C:\Windows\system32\LINKINFO.dll
0x6ecc0000 0x5c000 7.00.7600.16385 C:\Windows\System32\StructuredQuery.dll
0x73980000 0x32000 6.01.7600.16385 C:\Windows\system32\WINMM.dll
0x72050000 0x12000 6.01.7600.16385 C:\Windows\system32\MPR.dll
0x6fc40000 0x8000 6.01.7600.16385 C:\Windows\System32\drprov.dll
0x75780000 0x29000 6.01.7600.16385 C:\Windows\System32\WINSTA.dll
0x6f930000 0x14000 6.01.7600.16385 C:\Windows\System32\ntlanman.dll
0x6f910000 0x16000 6.01.7600.16385 C:\Windows\System32\davclnt.dll
0x70b70000 0x8000 6.01.7600.16385 C:\Windows\System32\DAVHLPR.dll
0x75920000 0x2d000 6.01.7600.16493 C:\Windows\system32\WINTRUST.dll
0x73f10000 0xf000 6.01.7600.16385 C:\Windows\system32\wkscli.dll
0x71c80000 0x89000 6.01.7600.16385 C:\Windows\system32\PortableDeviceApi.dll
0x6f2c0000 0x22000 6.01.7600.16385 C:\Windows\system32\EhStorAPI.dll
0x736b0000 0xd000 6.01.7600.16385 C:\Windows\system32\NetworkItemFactory.dll
0x714f0000 0xb000 6.01.7600.16385 C:\Windows\system32\dtsh.dll
0x74cd0000 0x76000 6.01.7600.16385 C:\Windows\system32\FirewallAPI.dll
0x74cc0000 0x9000 6.01.7600.16385 C:\Windows\system32\VERSION.dll
0x6e420000 0x15000 6.01.7600.16385 C:\Windows\system32\Cabinet.dll
0x73910000 0x1c000 6.01.7600.16385 C:\Windows\system32\IPHLPAPI.DLL
0x75ac0000 0x6000 6.01.7600.16385 C:\Windows\system32\NSI.dll
0x73900000 0x7000 6.01.7600.16385 C:\Windows\system32\WINNSI.DLL
0x75fb0000 0x35000 6.01.7600.16385 C:\Windows\system32\WS2_32.dll
0x6eca0000 0xd000 6.01.7600.16385 C:\Windows\system32\dfscli.dll
0x6e6e0000 0xd000 6.01.7600.16385 C:\Windows\system32\browcli.dll
0x75200000 0x3c000 6.01.7600.16385 C:\Windows\system32\mswsock.dll
0x750c0000 0x44000 6.01.7600.16385 C:\Windows\system32\DNSAPI.dll
0x738a0000 0xd000 6.01.7600.16385 C:\Windows\system32\dhcpcsvc6.DLL
0x723a0000 0x12000 6.01.7600.16385 C:\Windows\system32\dhcpcsvc.DLL
0x71d80000 0x6000 6.01.7600.16385 C:\Windows\system32\rasadhlp.dll
0x73e00000 0x52000 6.01.7600.16385 C:\Windows\system32\RASAPI32.dll
0x73de0000 0x15000 6.01.7600.16385 C:\Windows\system32\rasman.dll
0x73fc0000 0xd000 6.01.7600.16617 C:\Windows\system32\rtutils.dll
0x6e6d0000 0x6000 6.01.7600.16385 C:\Windows\system32\sensapi.dll
0x73bb0000 0x10000 6.01.7600.16385 C:\Windows\system32\NLAapi.dll
0x73f70000 0x10000 6.01.7600.16385 C:\Windows\system32\napinsp.dll
0x73e80000 0x12000 6.01.7600.16385 C:\Windows\system32\pnrpnsp.dll
0x16080000 0x25000 1.00.0006.0002 C:\Program Files\Bonjour\mdnsNSP.dll
0x73f50000 0x8000 6.01.7600.16385 C:\Windows\System32\winrnr.dll
0x74d50000 0x5000 6.01.7600.16385 C:\Windows\System32\wshtcpip.dll
0x751f0000 0x6000 6.01.7600.16385 C:\Windows\System32\wship6.dll
0x71d10000 0x38000 6.01.7600.16385 C:\Windows\System32\fwpuclnt.dll
------------------------------------------------------------------------------
explorer.exe pid: 4364
Command line: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Base Size Version Path
0x00970000 0x281000 6.01.7600.16450 C:\Windows\explorer.exe
0x77670000 0x13c000 6.01.7600.16559 C:\Windows\SYSTEM32\ntdll.dll
0x761a0000 0xd4000 6.01.7600.16481 C:\Windows\system32\kernel32.dll
0x75950000 0x4a000 6.01.7600.16385 C:\Windows\system32\KERNELBASE.dll
0x77220000 0xa0000 6.01.7600.16385 C:\Windows\system32\ADVAPI32.dll
0x777b0000 0xac000 7.00.7600.16385 C:\Windows\system32\msvcrt.dll
0x77180000 0x19000 6.01.7600.16385 C:\Windows\SYSTEM32\sechost.dll
0x75f00000 0xa1000 6.01.7600.16385 C:\Windows\system32\RPCRT4.dll
0x75eb0000 0x4e000 6.01.7600.16400 C:\Windows\system32\GDI32.dll
0x770b0000 0xc9000 6.01.7600.16385 C:\Windows\system32\USER32.dll
0x770a0000 0xa000 6.01.7600.16385 C:\Windows\system32\LPK.dll
0x75ad0000 0x9d000 1.626.7600.16385 C:\Windows\system32\USP10.dll
0x77370000 0x57000 6.01.7600.16385 C:\Windows\system32\SHLWAPI.dll
0x76280000 0xc49000 6.01.7600.16644 C:\Windows\system32\SHELL32.dll
0x76ed0000 0x15c000 6.01.7600.16385 C:\Windows\system32\ole32.dll
0x75ff0000 0x8f000 6.01.7600.16567 C:\Windows\system32\OLEAUT32.dll
0x741e0000 0x16f000 6.01.7600.16385 C:\Windows\system32\EXPLORERFRAME.dll
0x74b10000 0x2f000 6.01.7600.16385 C:\Windows\system32\DUser.dll
0x74a50000 0xb2000 6.01.7600.16385 C:\Windows\system32\DUI70.dll
0x772c0000 0x1f000 6.01.7600.16385 C:\Windows\system32\IMM32.dll
0x760d0000 0xcc000 6.01.7600.16385 C:\Windows\system32\MSCTF.dll
0x743c0000 0x40000 6.01.7600.16385 C:\Windows\system32\UxTheme.dll
0x74670000 0x25000 6.01.7600.16385 C:\Windows\system32\POWRPROF.dll
0x773d0000 0x19d000 6.01.7600.16385 C:\Windows\system32\SETUPAPI.dll
0x75840000 0x27000 6.01.7600.16385 C:\Windows\system32\CFGMGR32.dll
0x75870000 0x12000 6.01.7600.16385 C:\Windows\system32\DEVOBJ.dll
0x74420000 0x13000 6.01.7600.16385 C:\Windows\system32\dwmapi.dll
0x73a30000 0xa000 6.01.7600.16385 C:\Windows\system32\slc.dll
0x73520000 0x190000 6.01.7600.16385 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
0x75550000 0x8000 6.01.7600.16385 C:\Windows\system32\Secur32.dll
0x756a0000 0x1a000 6.01.7600.16385 C:\Windows\system32\SSPICLI.DLL
0x744f0000 0xf5000 7.00.7600.16385 C:\Windows\system32\PROPSYS.dll
0x75710000 0xc000 6.01.7600.16385 C:\Windows\system32\CRYPTBASE.dll
0x746d0000 0x19e000 6.10.7600.16400 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16400_none_4209f94e2b866170\comctl32.dll
0x772e0000 0x83000 2001.12.8530.16385 C:\Windows\system32\CLBCatQ.DLL
0x75240000 0x16000 6.01.7600.16385 C:\Windows\system32\CRYPTSP.dll
0x74fe0000 0x3b000 6.01.7600.16385 C:\Windows\system32\rsaenh.dll
0x757b0000 0xe000 6.01.7600.16385 C:\Windows\system32\RpcRtRemote.dll
0x6f8c0000 0x4e000 6.01.7600.16385 C:\Windows\system32\actxprxy.dll
0x75720000 0x5f000 6.01.7600.16400 C:\Windows\system32\SXS.DLL
0x74040000 0xfb000 6.01.7600.16385 C:\Windows\system32\WindowsCodecs.dll
0x756c0000 0x4b000 6.01.7600.16481 C:\Windows\system32\apphelp.dll
0x74a10000 0x31000 6.01.7600.16385 C:\Windows\system32\EhStorShell.dll
0x72d00000 0x40b000 14.00.4761.1000 C:\Program Files\MICROS~3\Office14\GROOVEEX.DLL
0x72160000 0xa3000 9.00.30729.4926 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCR90.dll
0x720d0000 0x8e000 9.00.30729.4926 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCP90.dll
0x749e0000 0x2b000 9.00.30729.4148 C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.DLL
0x73110000 0x40f000 14.00.4738.1000 C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\office.odf
0x69420000 0x886000 14.00.4761.1000 C:\Program Files\MICROS~3\Office14\1036\GrooveIntlResource.dll
0x74170000 0x6a000 6.01.7600.16385 C:\Windows\System32\cscui.dll
0x749d0000 0x9000 6.01.7600.16385 C:\Windows\System32\CSCDLL.dll
0x715e0000 0xb000 6.01.7600.16385 C:\Windows\system32\CSCAPI.dll
0x74350000 0x6f000 6.01.7600.16385 C:\Windows\system32\ntshrui.dll
0x75430000 0x19000 6.01.7600.16385 C:\Windows\system32\srvcli.dll
0x737a0000 0x94000 5.41.0021.2509 C:\Windows\system32\MsftEdit.dll
0x73fe0000 0x2a000 3.10.0349.0000 C:\Windows\system32\msls31.dll
0x73d00000 0x58000 6.01.7600.16385 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
0x75d70000 0x135000 8.00.7600.16625 C:\Windows\system32\urlmon.dll
0x759a0000 0x11c000 6.01.7600.16385 C:\Windows\system32\CRYPT32.dll
0x75830000 0xc000 6.01.7600.16415 C:\Windows\system32\MSASN1.dll
0x75b70000 0x1f9000 8.00.7600.16385 C:\Windows\system32\iertutil.dll
0x757c0000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll
0x10000000 0x1e000 3.03.0000.0005 C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
0x77570000 0xf4000 8.00.7600.16625 C:\Windows\system32\WININET.dll
0x77090000 0x3000 6.01.7600.16385 C:\Windows\system32\Normaliz.dll
0x74140000 0x2f000 1.03.1000.0000 C:\Windows\system32\xmllite.dll
0x6bf30000 0x2b000 8.00.7600.16625 C:\Program Files\Internet Explorer\ieproxy.dll
0x6f8a0000 0x16000 6.01.7600.16385 C:\Windows\system32\thumbcache.dll
0x77890000 0x5000 6.01.7600.16385 C:\Windows\system32\PSAPI.DLL
0x745f0000 0x21000 6.01.7600.16385 C:\Windows\system32\ntmarta.dll
0x76080000 0x45000 6.01.7600.16385 C:\Windows\system32\WLDAP32.dll
0x74010000 0x2e000 6.01.7600.16385 C:\Windows\system32\SHDOCVW.dll
0x67650000 0xa7e000 8.00.7600.16625 C:\Windows\system32\ieframe.DLL
0x71920000 0x3c000 7.00.0000.0000 C:\Windows\system32\OLEACC.dll
0x706a0000 0x198000 6.01.7600.16385 C:\Windows\system32\NetworkExplorer.dll
0x73f00000 0xf000 6.01.7600.16385 C:\Windows\system32\samcli.dll
0x744b0000 0x12000 6.01.7600.16385 C:\Windows\system32\SAMLIB.dll
0x73f20000 0x9000 6.01.7600.16385 C:\Windows\system32\netutils.dll
0x6ecc0000 0x5c000 7.00.7600.16385 C:\Windows\System32\StructuredQuery.dll
0x749b0000 0x9000 6.01.7600.16385 C:\Windows\system32\LINKINFO.dll
0x73980000 0x32000 6.01.7600.16385 C:\Windows\system32\WINMM.dll
0x72050000 0x12000 6.01.7600.16385 C:\Windows\system32\MPR.dll
0x75920000 0x2d000 6.01.7600.16493 C:\Windows\system32\WINTRUST.dll
0x6fc40000 0x8000 6.01.7600.16385 C:\Windows\System32\drprov.dll
0x75780000 0x29000 6.01.7600.16385 C:\Windows\System32\WINSTA.dll
0x6f930000 0x14000 6.01.7600.16385 C:\Windows\System32\ntlanman.dll
0x6f910000 0x16000 6.01.7600.16385 C:\Windows\System32\davclnt.dll
0x70b70000 0x8000 6.01.7600.16385 C:\Windows\System32\DAVHLPR.dll
0x73f10000 0xf000 6.01.7600.16385 C:\Windows\system32\wkscli.dll
0x736b0000 0xd000 6.01.7600.16385 C:\Windows\system32\NetworkItemFactory.dll
0x714f0000 0xb000 6.01.7600.16385 C:\Windows\system32\dtsh.dll
0x74cd0000 0x76000 6.01.7600.16385 C:\Windows\system32\FirewallAPI.dll
0x74cc0000 0x9000 6.01.7600.16385 C:\Windows\system32\VERSION.dll
0x71c80000 0x89000 6.01.7600.16385 C:\Windows\system32\PortableDeviceApi.dll
0x6f2c0000 0x22000 6.01.7600.16385 C:\Windows\system32\EhStorAPI.dll
0x712b0000 0x8000 6.01.7600.16385 C:\Windows\System32\npmproxy.dll
0x716b0000 0x2b000 6.01.7600.16385 C:\Windows\system32\FunDisc.dll
0x73b30000 0x14000 3.05.2284.0000 C:\Windows\system32\ATL.DLL
0x6fd70000 0x24000 6.01.7600.16500 C:\Windows\system32\cabview.dll
0x70f80000 0x157000 6.30.7600.16385 C:\Windows\System32\msxml6.dll
0x6e420000 0x15000 6.01.7600.16385 C:\Windows\system32\Cabinet.dll
0x6c720000 0xa000 6.01.7600.16385 C:\Windows\system32\fdproxy.dll
0x6efa0000 0x17000 6.01.7600.16385 C:\Windows\System32\fdwcn.dll
0x6ee20000 0x19000 6.01.7600.16385 C:\Windows\System32\wcnapi.dll
0x6f070000 0x9000 6.01.7600.16385 C:\Windows\system32\fdWNet.dll
0x73910000 0x1c000 6.01.7600.16385 C:\Windows\system32\IPHLPAPI.DLL
0x75ac0000 0x6000 6.01.7600.16385 C:\Windows\system32\NSI.dll
0x73900000 0x7000 6.01.7600.16385 C:\Windows\system32\WINNSI.DLL
0x75fb0000 0x35000 6.01.7600.16385 C:\Windows\system32\WS2_32.dll
0x6eca0000 0xd000 6.01.7600.16385 C:\Windows\system32\dfscli.dll
0x6e6e0000 0xd000 6.01.7600.16385 C:\Windows\system32\browcli.dll
0x75200000 0x3c000 6.01.7600.16385 C:\Windows\system32\mswsock.dll
0x750c0000 0x44000 6.01.7600.16385 C:\Windows\system32\DNSAPI.dll
0x738a0000 0xd000 6.01.7600.16385 C:\Windows\system32\dhcpcsvc6.DLL
0x723a0000 0x12000 6.01.7600.16385 C:\Windows\system32\dhcpcsvc.DLL
0x71d80000 0x6000 6.01.7600.16385 C:\Windows\system32\rasadhlp.dll
0x74e40000 0xe000 6.01.7600.16385 C:\Windows\system32\DEVRTL.dll
0x6f010000 0x60000 6.01.7600.16385 C:\Windows\System32\wer.dll
0x6f0a0000 0x27000 6.01.7600.16385 C:\Windows\system32\twext.dll
0x6e130000 0x25000 6.01.7600.16385 C:\Windows\System32\cscobj.dll
0x74e20000 0x17000 6.01.7600.16385 C:\Windows\System32\USERENV.dll
0x036d0000 0x12000 1.02.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x036f0000 0xf000 1.00.0000.1004 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
0x03700000 0x2e000 3.80.0000.0000 C:\Program Files\WinRAR\rarext.dll
0x03870000 0x4c000 9.00.0000.0004 C:\Program Files\Avira\AntiVir Desktop\shlext.dll
0x71fc0000 0x51000 6.01.7600.16385 C:\Windows\system32\WINSPOOL.DRV
0x038c0000 0x32000 4.06.0000.0000 C:\Program Files\PowerISO\PWRISOSH.DLL
0x1c000000 0x6000 1.03.0000.0000 C:\Program Files\Notepad++\nppcm.dll
0x069d0000 0x209000 4.00.0005.0100 C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
0x6c200000 0x110000 8.00.50727.4053 C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80.DLL
0x6f620000 0x9b000 8.00.50727.4927 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
0x771a0000 0x7b000 6.01.7600.16385 C:\Windows\system32\comdlg32.dll
0x6f6c0000 0x87000 8.00.50727.4927 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCP80.dll
0x6e070000 0x21000 6.01.7600.16385 C:\Windows\system32\MSVFW32.dll
0x6fd30000 0xf000 8.00.50727.4053 C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\MFC80FRA.DLL
0x74b40000 0x52000 6.01.7600.16385 C:\Windows\system32\Faultrep.dll
0x6f100000 0x6000 6.01.7600.16385 C:\Windows\system32\RICHED32.DLL
0x6d7f0000 0x76000 5.31.0023.1229 C:\Windows\system32\RICHED20.dll
0x6f0d0000 0x29000 6.01.7600.16385 C:\Windows\system32\syncui.dll
0x6f960000 0x16000 6.01.7600.16385 C:\Windows\system32\SYNCENG.dll
0x6f110000 0xe000 6.01.7600.16385 C:\Windows\system32\acppage.dll
0x6d960000 0x3000 6.01.7600.16385 C:\Windows\system32\sfc.dll
0x6dc60000 0xd000 6.01.7600.16385 C:\Windows\system32\sfc_os.DLL
0x6f3e0000 0x240000 5.00.7600.16385 C:\Windows\system32\msi.dll
0x03ab0000 0x1c000 1.01.0225.0000 C:\Windows\system32\CmdLineExt.dll
0x70d00000 0x278000 6.01.7600.16385 C:\Windows\System32\gameux.dll
0x6e120000 0xa000 6.01.7600.16385 C:\Windows\system32\wbem\wbemprox.dll
0x6e010000 0x5c000 6.01.7600.16385 C:\Windows\system32\wbemcomn.dll
0x73e60000 0xf000 6.01.7600.16385 C:\Windows\system32\wbem\wbemsvc.dll
0x6dde0000 0x96000 6.01.7600.16385 C:\Windows\system32\wbem\fastprox.dll
0x6ddc0000 0x18000 6.01.7600.16385 C:\Windows\system32\NTDSAPI.dll
0x74d50000 0x5000 6.01.7600.16385 C:\Windows\System32\wshtcpip.dll
0x751f0000 0x6000 6.01.7600.16385 C:\Windows\System32\wship6.dll
0x16080000 0x25000 1.00.0006.0002 C:\Program Files\Bonjour\mdnsNSP.dll
0x71d10000 0x38000 6.01.7600.16385 C:\Windows\System32\fwpuclnt.dll
0x73e00000 0x52000 6.01.7600.16385 C:\Windows\system32\RASAPI32.dll
0x73de0000 0x15000 6.01.7600.16385 C:\Windows\system32\rasman.dll
0x73fc0000 0xd000 6.01.7600.16617 C:\Windows\system32\rtutils.dll
0x6e6d0000 0x6000 6.01.7600.16385 C:\Windows\system32\sensapi.dll
0x73bb0000 0x10000 6.01.7600.16385 C:\Windows\system32\NLAapi.dll
0x72a60000 0x5a000 6.01.7600.16385 C:\Windows\System32\netprofm.dll
0x73f70000 0x10000 6.01.7600.16385 C:\Windows\system32\napinsp.dll
0x73e80000 0x12000 6.01.7600.16385 C:\Windows\system32\pnrpnsp.dll
0x73f50000 0x8000 6.01.7600.16385 C:\Windows\System32\winrnr.dll
0x6d9c0000 0x238000 6.01.7600.16385 C:\Windows\system32\wpdshext.dll
0x6fbb0000 0x3f000 6.01.7600.16385 C:\Windows\system32\audiodev.dll
0x6b690000 0x267000 12.00.7600.16385 C:\Windows\system32\WMVCore.DLL
0x6f150000 0x3d000 12.00.7600.16385 C:\Windows\system32\WMASF.DLL
No matching processes were found.
------------------------------------------------------------------------------
firefox.exe pid: 5712
Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
Base Size Version Path
0x00fd0000 0xe0000 1.09.0002.3855 C:\Program Files\Mozilla Firefox\firefox.exe
0x77670000 0x13c000 6.01.7600.16559 C:\Windows\SYSTEM32\ntdll.dll
0x761a0000 0xd4000 6.01.7600.16481 C:\Windows\system32\kernel32.dll
0x75950000 0x4a000 6.01.7600.16385 C:\Windows\system32\KERNELBASE.dll
0x664c0000 0xb8c000 1.09.0002.3855 C:\Program Files\Mozilla Firefox\xul.dll
0x6ee90000 0x75000 3.06.0022.0000 C:\Program Files\Mozilla Firefox\sqlite3.dll
0x6fc80000 0xb0000 8.00.0000.0000 C:\Program Files\Mozilla Firefox\MOZCRT19.dll
0x777b0000 0xac000 7.00.7600.16385 C:\Windows\system32\msvcrt.dll
0x6eb40000 0xfa000 C:\Program Files\Mozilla Firefox\js3250.dll
0x6fc50000 0x29000 4.08.0003.0000 C:\Program Files\Mozilla Firefox\nspr4.dll
0x77220000 0xa0000 6.01.7600.16385 C:\Windows\system32\ADVAPI32.dll
0x77180000 0x19000 6.01.7600.16385 C:\Windows\SYSTEM32\sechost.dll
0x75f00000 0xa1000 6.01.7600.16385 C:\Windows\system32\RPCRT4.dll
0x71ba0000 0x7000 6.01.7600.16385 C:\Windows\system32\WSOCK32.dll
0x75fb0000 0x35000 6.01.7600.16385 C:\Windows\system32\WS2_32.dll
0x75ac0000 0x6000 6.01.7600.16385 C:\Windows\system32\NSI.dll
0x73980000 0x32000 6.01.7600.16385 C:\Windows\system32\WINMM.dll
0x770b0000 0xc9000 6.01.7600.16385 C:\Windows\system32\USER32.dll
0x75eb0000 0x4e000 6.01.7600.16400 C:\Windows\system32\GDI32.dll
0x770a0000 0xa000 6.01.7600.16385 C:\Windows\system32\LPK.dll
0x75ad0000 0x9d000 1.626.7600.16385 C:\Windows\system32\USP10.dll
0x6fdc0000 0x18000 3.12.0006.0002 C:\Program Files\Mozilla Firefox\smime3.dll
0x6e280000 0x9d000 3.12.0006.0002 C:\Program Files\Mozilla Firefox\nss3.dll
0x6fda0000 0x14000 3.12.0006.0002 C:\Program Files\Mozilla Firefox\nssutil3.dll
0x71c40000 0x7000 4.08.0003.0000 C:\Program Files\Mozilla Firefox\plc4.dll
0x6fc30000 0x7000 4.08.0003.0000 C:\Program Files\Mozilla Firefox\plds4.dll
0x6fc00000 0x21000 3.12.0006.0002 C:\Program Files\Mozilla Firefox\ssl3.dll
0x76280000 0xc49000 6.01.7600.16644 C:\Windows\system32\SHELL32.dll
0x77370000 0x57000 6.01.7600.16385 C:\Windows\system32\SHLWAPI.dll
0x76ed0000 0x15c000 6.01.7600.16385 C:\Windows\system32\ole32.dll
0x74cc0000 0x9000 6.01.7600.16385 C:\Windows\system32\VERSION.dll
0x71fc0000 0x51000 6.01.7600.16385 C:\Windows\system32\WINSPOOL.DRV
0x771a0000 0x7b000 6.01.7600.16385 C:\Windows\system32\COMDLG32.dll
0x746d0000 0x19e000 6.10.7600.16400 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16400_none_4209f94e2b866170\COMCTL32.dll
0x772c0000 0x1f000 6.01.7600.16385 C:\Windows\system32\IMM32.dll
0x760d0000 0xcc000 6.01.7600.16385 C:\Windows\system32\MSCTF.dll
0x73cf0000 0x5000 6.01.7600.16385 C:\Windows\system32\MSIMG32.dll
0x75ff0000 0x8f000 6.01.7600.16567 C:\Windows\system32\OLEAUT32.dll
0x6e1d0000 0xaf000 8.00.0000.0000 C:\Program Files\Mozilla Firefox\MOZCPP19.dll
0x6fbf0000 0x7000 1.09.0002.3855 C:\Program Files\Mozilla Firefox\xpcom.dll
0x743c0000 0x40000 6.01.7600.16385 C:\Windows\system32\uxtheme.dll
0x74420000 0x13000 6.01.7600.16385 C:\Windows\system32\dwmapi.dll
0x6f2f0000 0xeb000 6.01.7600.16385 C:\Windows\system32\dbghelp.dll
0x75710000 0xc000 6.01.7600.16385 C:\Windows\system32\CRYPTBASE.dll
0x773d0000 0x19d000 6.01.7600.16385 C:\Windows\system32\SETUPAPI.dll
0x75840000 0x27000 6.01.7600.16385 C:\Windows\system32\CFGMGR32.dll
0x75870000 0x12000 6.01.7600.16385 C:\Windows\system32\DEVOBJ.dll
0x772e0000 0x83000 2001.12.8530.16385 C:\Windows\system32\CLBCatQ.DLL
0x744f0000 0xf5000 7.00.7600.16385 C:\Windows\system32\propsys.dll
0x745f0000 0x21000 6.01.7600.16385 C:\Windows\system32\ntmarta.dll
0x76080000 0x45000 6.01.7600.16385 C:\Windows\system32\WLDAP32.dll
0x6fb50000 0x8000 1.09.0002.3855 C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
0x75200000 0x3c000 6.01.7600.16385 C:\Windows\system32\mswsock.dll
0x74d50000 0x5000 6.01.7600.16385 C:\Windows\System32\wshtcpip.dll
0x73910000 0x1c000 6.01.7600.16385 C:\Windows\system32\iphlpapi.dll
0x73900000 0x7000 6.01.7600.16385 C:\Windows\system32\WINNSI.DLL
0x73e00000 0x52000 6.01.7600.16385 C:\Windows\system32\rasapi32.dll
0x73de0000 0x15000 6.01.7600.16385 C:\Windows\system32\rasman.dll
0x73fc0000 0xd000 6.01.7600.16617 C:\Windows\system32\rtutils.dll
0x757c0000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll
0x6fb20000 0x24000 1.09.0002.3855 C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
0x10000000 0x11000 C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\udp036uw.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
0x03150000 0x481000 1.12.0000.36949 C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\udp036uw.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
0x6d0a0000 0x1c3000 6.01.7600.16385 C:\Windows\system32\d3d9.dll
0x74930000 0x6000 6.01.7600.16385 C:\Windows\system32\d3d8thk.dll
0x73520000 0x190000 6.01.7600.16385 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
0x6df40000 0xc8000 6.01.7600.16385 C:\Windows\system32\OPENGL32.dll
0x6f290000 0x22000 6.01.7600.16385 C:\Windows\system32\GLU32.dll
0x6d870000 0xe7000 6.01.7600.16385 C:\Windows\system32\DDRAW.dll
0x6f950000 0x6000 6.01.7600.16385 C:\Windows\system32\DCIMAN32.dll
0x74670000 0x25000 6.01.7600.16385 C:\Windows\system32\POWRPROF.dll
0x77890000 0x5000 6.01.7600.16385 C:\Windows\system32\PSAPI.DLL
0x74e20000 0x17000 6.01.7600.16385 C:\Windows\system32\USERENV.dll
0x77570000 0xf4000 8.00.7600.16625 C:\Windows\system32\WININET.dll
0x77090000 0x3000 6.01.7600.16385 C:\Windows\system32\Normaliz.dll
0x75d70000 0x135000 8.00.7600.16625 C:\Windows\system32\urlmon.dll
0x759a0000 0x11c000 6.01.7600.16385 C:\Windows\system32\CRYPT32.dll
0x75830000 0xc000 6.01.7600.16415 C:\Windows\system32\MSASN1.dll
0x75b70000 0x1f9000 8.00.7600.16385 C:\Windows\system32\iertutil.dll
0x6f7a0000 0x1d000 6.01.7600.16444 C:\Windows\system32\t2embed.dll
0x74010000 0x2e000 6.01.7600.16385 C:\Windows\system32\shdocvw.dll
0x73bb0000 0x10000 6.01.7600.16385 C:\Windows\system32\NLAapi.dll
0x73f70000 0x10000 6.01.7600.16385 C:\Windows\system32\napinsp.dll
0x73e80000 0x12000 6.01.7600.16385 C:\Windows\system32\pnrpnsp.dll
0x16080000 0x25000 1.00.0006.0002 C:\Program Files\Bonjour\mdnsNSP.dll
0x750c0000 0x44000 6.01.7600.16385 C:\Windows\system32\DNSAPI.dll
0x73f50000 0x8000 6.01.7600.16385 C:\Windows\System32\winrnr.dll
0x74040000 0xfb000 6.01.7600.16385 C:\Windows\system32\WindowsCodecs.dll
0x756c0000 0x4b000 6.01.7600.16481 C:\Windows\system32\apphelp.dll
0x74a10000 0x31000 6.01.7600.16385 C:\Windows\system32\EhStorShell.dll
0x72d00000 0x40b000 14.00.4761.1000 C:\Program Files\MICROS~3\Office14\GROOVEEX.DLL
0x72160000 0xa3000 9.00.30729.4926 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCR90.dll
0x720d0000 0x8e000 9.00.30729.4926 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCP90.dll
0x749e0000 0x2b000 9.00.30729.4148 C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.DLL
0x73110000 0x40f000 14.00.4738.1000 C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\office.odf
0x69420000 0x886000 14.00.4761.1000 C:\Program Files\MICROS~3\Office14\1036\GrooveIntlResource.dll
0x74170000 0x6a000 6.01.7600.16385 C:\Windows\System32\cscui.dll
0x749d0000 0x9000 6.01.7600.16385 C:\Windows\System32\CSCDLL.dll
0x715e0000 0xb000 6.01.7600.16385 C:\Windows\system32\CSCAPI.dll
0x74350000 0x6f000 6.01.7600.16385 C:\Windows\system32\ntshrui.dll
0x75430000 0x19000 6.01.7600.16385 C:\Windows\system32\srvcli.dll
0x73a30000 0xa000 6.01.7600.16385 C:\Windows\system32\slc.dll
0x75240000 0x16000 6.01.7600.16385 C:\Windows\system32\CRYPTSP.dll
0x74fe0000 0x3b000 6.01.7600.16385 C:\Windows\system32\rsaenh.dll
0x757b0000 0xe000 6.01.7600.16385 C:\Windows\system32\RpcRtRemote.dll
0x6e0a0000 0x79000 6.01.7600.16385 C:\Windows\system32\mscms.dll
0x751f0000 0x6000 6.01.7600.16385 C:\Windows\System32\wship6.dll
0x738a0000 0xd000 6.01.7600.16385 C:\Windows\system32\dhcpcsvc6.DLL
0x723a0000 0x12000 6.01.7600.16385 C:\Windows\system32\dhcpcsvc.DLL
0x71d80000 0x6000 6.01.7600.16385 C:\Windows\system32\rasadhlp.dll
0x6f260000 0x26000 3.12.0004.0000 C:\Program Files\Mozilla Firefox\softokn3.dll
0x6f750000 0x18000 3.12.0004.0000 C:\Program Files\Mozilla Firefox\nssdbm3.dll
0x6efc0000 0x41000 3.12.0004.0000 C:\Program Files\Mozilla Firefox\freebl3.dll
0x6e180000 0x50000 1.79.0000.0000 C:\Program Files\Mozilla Firefox\nssckbi.dll
0x71d10000 0x38000 6.01.7600.16385 C:\Windows\System32\fwpuclnt.dll
0x6f080000 0x12000 1.00.0000.0015 C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
0x741e0000 0x16f000 6.01.7600.16385 C:\Windows\system32\explorerframe.dll
0x74b10000 0x2f000 6.01.7600.16385 C:\Windows\system32\DUser.dll
0x74a50000 0xb2000 6.01.7600.16385 C:\Windows\system32\DUI70.dll
0x756a0000 0x1a000 6.01.7600.16385 C:\Windows\system32\SspiCli.dll
0x6ef70000 0x2e000 6.01.7600.16385 C:\Windows\system32\mlang.dll
0x728b0000 0x132000 8.110.7600.16605 C:\Windows\System32\msxml3.dll
0x683f0000 0x760000 8.16.0011.9107 C:\Windows\system32\nvd3dum.dll
0x08fa0000 0x10f000 8.16.0011.9107 C:\Windows\system32\nvapi.dll
0x06b00000 0x28000 7.16.0011.9107 C:\Program Files\NVIDIA Corporation\3D Vision\nvStereoApiI.dll
0x07730000 0x50000 7.16.0011.9107 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPI.dll
0x6ec50000 0x38000 6.01.7600.16385 C:\Windows\system32\icm32.dll
No matching processes were found.
No matching processes were found.
No matching processes were found.
------------------------------------------------------------------------------
csrss.exe pid: 520
Command line: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Base Size Version Path
0x4a3f0000 0x5000 6.01.7600.16385 C:\Windows\system32\csrss.exe
0x77670000 0x13c000 6.01.7600.16559 C:\Windows\SYSTEM32\ntdll.dll
0x75820000 0xd000 6.01.7600.16385 C:\Windows\system32\CSRSRV.dll
0x75810000 0xe000 6.01.7600.16385 C:\Windows\system32\basesrv.DLL
0x757e0000 0x2c000 6.01.7600.16385 C:\Windows\system32\winsrv.DLL
0x770b0000 0xc9000 6.01.7600.16385 C:\Windows\system32\USER32.dll
0x75eb0000 0x4e000 6.01.7600.16400 C:\Windows\system32\GDI32.dll
0x761a0000 0xd4000 6.01.7600.16481 C:\Windows\SYSTEM32\kernel32.dll
0x75950000 0x4a000 6.01.7600.16385 C:\Windows\system32\KERNELBASE.dll
0x770a0000 0xa000 6.01.7600.16385 C:\Windows\system32\LPK.dll
0x75ad0000 0x9d000 1.626.7600.16385 C:\Windows\system32\USP10.dll
0x777b0000 0xac000 7.00.7600.16385 C:\Windows\system32\msvcrt.dll
0x757d0000 0x9000 6.01.7600.16385 C:\Windows\system32\sxssrv.DLL
0x75720000 0x5f000 6.01.7600.16400 C:\Windows\system32\sxs.dll
0x75f00000 0xa1000 6.01.7600.16385 C:\Windows\system32\RPCRT4.dll
0x75710000 0xc000 6.01.7600.16385 C:\Windows\system32\CRYPTBASE.dll
0x77220000 0xa0000 6.01.7600.16385 C:\Windows\system32\ADVAPI32.dll
0x77180000 0x19000 6.01.7600.16385 C:\Windows\SYSTEM32\sechost.dll
------------------------------------------------------------------------------
csrss.exe pid: 576
Command line: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Base Size Version Path
0x4a3f0000 0x5000 6.01.7600.16385 C:\Windows\system32\csrss.exe
0x77670000 0x13c000 6.01.7600.16559 C:\Windows\SYSTEM32\ntdll.dll
0x75820000 0xd000 6.01.7600.16385 C:\Windows\system32\CSRSRV.dll
0x75810000 0xe000 6.01.7600.16385 C:\Windows\system32\basesrv.DLL
0x757e0000 0x2c000 6.01.7600.16385 C:\Windows\system32\winsrv.DLL
0x770b0000 0xc9000 6.01.7600.16385 C:\Windows\system32\USER32.dll
0x75eb0000 0x4e000 6.01.7600.16400 C:\Windows\system32\GDI32.dll
0x761a0000 0xd4000 6.01.7600.16481 C:\Windows\SYSTEM32\kernel32.dll
0x75950000 0x4a000 6.01.7600.16385 C:\Windows\system32\KERNELBASE.dll
0x770a0000 0xa000 6.01.7600.16385 C:\Windows\system32\LPK.dll
0x75ad0000 0x9d000 1.626.7600.16385 C:\Windows\system32\USP10.dll
0x777b0000 0xac000 7.00.7600.16385 C:\Windows\system32\msvcrt.dll
0x757d0000 0x9000 6.01.7600.16385 C:\Windows\system32\sxssrv.DLL
0x75720000 0x5f000 6.01.7600.16400 C:\Windows\system32\sxs.dll
0x75f00000 0xa1000 6.01.7600.16385 C:\Windows\system32\RPCRT4.dll
0x75710000 0xc000 6.01.7600.16385 C:\Windows\system32\CRYPTBASE.dll
------------------------------------------------------------------------------
smss.exe pid: 372
Command line: \SystemRoot\System32\smss.exe
Base Size Version Path
0x48230000 0x13000 \SystemRoot\System32\smss.exe
0x77670000 0x13c000 6.01.7600.16559 C:\Windows\SYSTEM32\ntdll.dll
------------------------------------------------------------------------------
winlogon.exe pid: 640
Command line: winlogon.exe
Base Size Version Path
0x00900000 0x47000 6.01.7600.16447 C:\Windows\system32\winlogon.exe
0x77670000 0x13c000 6.01.7600.16559 C:\Windows\SYSTEM32\ntdll.dll
0x761a0000 0xd4000 6.01.7600.16481 C:\Windows\system32\kernel32.dll
0x75950000 0x4a000 6.01.7600.16385 C:\Windows\system32\KERNELBASE.dll
0x770b0000 0xc9000 6.01.7600.16385 C:\Windows\system32\USER32.dll
0x75eb0000 0x4e000 6.01.7600.16400 C:\Windows\system32\GDI32.dll
0x770a0000 0xa000 6.01.7600.16385 C:\Windows\system32\LPK.dll
0x75ad0000 0x9d000 1.626.7600.16385 C:\Windows\system32\USP10.dll
0x777b0000 0xac000 7.00.7600.16385 C:\Windows\system32\msvcrt.dll
0x75780000 0x29000 6.01.7600.16385 C:\Windows\system32\WINSTA.dll
0x75f00000 0xa1000 6.01.7600.16385 C:\Windows\system32\RPCRT4.dll
0x772c0000 0x1f000 6.01.7600.16385 C:\Windows\system32\IMM32.DLL
0x760d0000 0xcc000 6.01.7600.16385 C:\Windows\system32\MSCTF.dll
0x77220000 0xa0000 6.01.7600.16385 C:\Windows\system32\ADVAPI32.dll
0x77180000 0x19000 6.01.7600.16385 C:\Windows\SYSTEM32\sechost.dll
0x757c0000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll
0x757b0000 0xe000 6.01.7600.16385 C:\Windows\system32\RpcRtRemote.dll
0x756c0000 0x4b000 6.01.7600.16481 C:\Windows\system32\apphelp.dll
0x73890000 0x8000 6.01.7600.16385 C:\Windows\system32\UXINIT.dll
0x743c0000 0x40000 6.01.7600.16385 C:\Windows\system32\UxTheme.dll
0x75240000 0x16000 6.01.7600.16385 C:\Windows\system32\CRYPTSP.dll
0x74fe0000 0x3b000 6.01.7600.16385 C:\Windows\system32\rsaenh.dll
0x75710000 0xc000 6.01.7600.16385 C:\Windows\system32\CRYPTBASE.dll
0x74040000 0xfb000 6.01.7600.16385 C:\Windows\system32\WindowsCodecs.dll
0x76ed0000 0x15c000 6.01.7600.16385 C:\Windows\system32\ole32.dll
0x73f10000 0xf000 6.01.7600.16385 C:\Windows\system32\wkscli.dll
0x75310000 0x2b000 6.01.7600.16385 C:\Windows\system32\netjoin.dll
0x73f20000 0x9000 6.01.7600.16385 C:\Windows\system32\netutils.dll
0x756a0000 0x1a000 6.01.7600.16385 C:\Windows\system32\SspiCli.dll
0x73a30000 0xa000 6.01.7600.16385 C:\Windows\system32\slc.dll
0x72050000 0x12000 6.01.7600.16385 C:\Windows\system32\MPR.dll
0x753b0000 0x1b000 6.01.7600.16385 C:\Windows\system32\AUTHZ.dll
------------------------------------------------------------------------------
svchost.exe pid: 796
Command line: C:\Windows\system32\svchost.exe -k DcomLaunch
Base Size Version Path
0x000e0000 0x8000 6.01.7600.16385 C:\Windows\system32\svchost.exe
0x77670000 0x13c000 6.01.7600.16559 C:\Windows\SYSTEM32\ntdll.dll
0x761a0000 0xd4000 6.01.7600.16481 C:\Windows\system32\kernel32.dll
0x75950000 0x4a000 6.01.7600.16385 C:\Windows\system32\KERNELBASE.dll
0x777b0000 0xac000 7.00.7600.16385 C:\Windows\system32\msvcrt.dll
0x77180000 0x19000 6.01.7600.16385 C:\Windows\SYSTEM32\sechost.dll
0x75f00000 0xa1000 6.01.7600.16385 C:\Windows\system32\RPCRT4.dll
0x74e70000 0x49000 6.01.7600.16385 c:\windows\system32\umpnpmgr.dll
0x74e50000 0x15000 6.01.7600.16385 c:\windows\system32\SPINF.dll
0x770b0000 0xc9000 6.01.7600.16385 C:\Windows\system32\USER32.dll
0x75eb0000 0x4e000 6.01.7600.16400 C:\Windows\system32\GDI32.dll
0x770a0000 0xa000 6.01.7600.16385 C:\Windows\system32\LPK.dll
0x75ad0000 0x9d000 1.626.7600.16385 C:\Windows\system32\USP10.dll
0x74e40000 0xe000 6.01.7600.16385 c:\windows\system32\DEVRTL.dll
0x772c0000 0x1f000 6.01.7600.16385 C:\Windows\system32\IMM32.DLL
0x760d0000 0xcc000 6.01.7600.16385 C:\Windows\system32\MSCTF.dll
0x757b0000 0xe000 6.01.7600.16385 C:\Windows\system32\RpcRtRemote.dll
0x74e20000 0x17000 6.01.7600.16385 C:\Windows\system32\USERENV.dll
0x757c0000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll
0x74e00000 0x16000 6.01.7600.16385 C:\Windows\system32\GPAPI.dll
0x75710000 0xc000 6.01.7600.16385 C:\Windows\system32\CRYPTBASE.dll
0x74de0000 0x20000 6.01.7600.16385 c:\windows\system32\umpo.dll
0x75780000 0x29000 6.01.7600.16385 c:\windows\system32\WINSTA.dll
0x773d0000 0x19d000 6.01.7600.16385 C:\Windows\system32\SETUPAPI.dll
0x75840000 0x27000 6.01.7600.16385 C:\Windows\system32\CFGMGR32.dll
0x77220000 0xa0000 6.01.7600.16385 C:\Windows\system32\ADVAPI32.dll
0x75ff0000 0x8f000 6.01.7600.16567 C:\Windows\system32\OLEAUT32.dll
0x76ed0000 0x15c000 6.01.7600.16385 C:\Windows\system32\ole32.dll
0x75870000 0x12000 6.01.7600.16385 C:\Windows\system32\DEVOBJ.dll
0x74dd0000 0xb000 6.01.7600.16385 c:\windows\system32\pcwum.DLL
0x74d70000 0x5f000 6.01.7600.16385 c:\windows\system32\rpcss.dll
0x756a0000 0x1a000 6.01.7600.16385 c:\windows\system32\SspiCli.dll
0x74fc0000 0x8000 6.01.7600.16385 C:\Windows\system32\credssp.dll
0x772e0000 0x83000 2001.12.8530.16385 C:\Windows\system32\CLBCatQ.DLL
0x75920000 0x2d000 6.01.7600.16493 C:\Windows\system32\WINTRUST.dll
0x759a0000 0x11c000 6.01.7600.16385 C:\Windows\system32\CRYPT32.dll
0x75830000 0xc000 6.01.7600.16415 C:\Windows\system32\MSASN1.dll
0x756c0000 0x4b000 6.01.7600.16481 C:\Windows\system32\apphelp.dll
0x74400000 0xd000 6.01.7600.16385 C:\Windows\system32\WTSAPI32.dll
0x6f3e0000 0x240000 5.00.7600.16385 C:\Windows\system32\msi.dll
0x77370000 0x57000 6.01.7600.16385 C:\Windows\system32\SHLWAPI.dll
0x710f0000 0x7000 5.00.7600.16385 C:\Windows\system32\msiltcfg.dll
0x74cc0000 0x9000 6.01.7600.16385 C:\Windows\system32\VERSION.dll
0x6d960000 0x3000 6.01.7600.16385 C:\Windows\system32\SFC.DLL
0x6dc60000 0xd000 6.01.7600.16385 C:\Windows\system32\sfc_os.DLL
0x745f0000 0x21000 6.01.7600.16385 C:\Windows\system32\ntmarta.dll
0x76080000 0x45000 6.01.7600.16385 C:\Windows\system32\WLDAP32.dll
0x724f0000 0x23000 6.01.7600.16385 C:\Windows\system32\wbem\wmidcprv.dll
0x6dde0000 0x96000 6.01.7600.16385 C:\Windows\system32\wbem\FastProx.dll
0x6e010000 0x5c000 6.01.7600.16385 C:\Windows\system32\wbemcomn.dll
0x75fb0000 0x35000 6.01.7600.16385 C:\Windows\system32\WS2_32.dll
0x75ac0000 0x6000 6.01.7600.16385 C:\Windows\system32\NSI.dll
0x6ddc0000 0x18000 6.01.7600.16385 C:\Windows\system32\NTDSAPI.dll
0x6e120000 0xa000 6.01.7600.16385 C:\Windows\system32\wbem\wbemprox.dll
0x75240000 0x16000 6.01.7600.16385 C:\Windows\system32\CRYPTSP.dll
0x74fe0000 0x3b000 6.01.7600.16385 C:\Windows\system32\rsaenh.dll
0x73e60000 0xf000 6.01.7600.16385 C:\Windows\system32\wbem\wbemsvc.dll
0x6dc20000 0x17000 6.01.7600.16385 C:\Windows\system32\wbem\wmiutils.dll
------------------------------------------------------------------------------
svchost.exe pid: 912
Command line: C:\Windows\system32\svchost.exe -k RPCSS
Base Size Version Path
0x000e0000 0x8000 6.01.7600.16385 C:\Windows\system32\svchost.exe
0x77670000 0x13c000 6.01.7600.16559 C:\Windows\SYSTEM32\ntdll.dll
0x761a0000 0xd4000 6.01.7600.16481 C:\Windows\system32\kernel32.dll
0x75950000 0x4a000 6.01.7600.16385 C:\Windows\system32\KERNELBASE.dll
0x777b0000 0xac000 7.00.7600.16385 C:\Windows\s
¤¤¤¤¤¤¤¤¤¤¤ DLLs ¤¤¤¤¤¤¤¤¤¤
------------------------------------------------------------------------------
explorer.exe pid: 1760
Command line: Explorer.exe
Base Size Version Path
0x00970000 0x281000 6.01.7600.16450 C:\Windows\Explorer.exe
0x77670000 0x13c000 6.01.7600.16559 C:\Windows\SYSTEM32\ntdll.dll
0x761a0000 0xd4000 6.01.7600.16481 C:\Windows\system32\kernel32.dll
0x75950000 0x4a000 6.01.7600.16385 C:\Windows\system32\KERNELBASE.dll
0x77220000 0xa0000 6.01.7600.16385 C:\Windows\system32\ADVAPI32.dll
0x777b0000 0xac000 7.00.7600.16385 C:\Windows\system32\msvcrt.dll
0x77180000 0x19000 6.01.7600.16385 C:\Windows\SYSTEM32\sechost.dll
0x75f00000 0xa1000 6.01.7600.16385 C:\Windows\system32\RPCRT4.dll
0x75eb0000 0x4e000 6.01.7600.16400 C:\Windows\system32\GDI32.dll
0x770b0000 0xc9000 6.01.7600.16385 C:\Windows\system32\USER32.dll
0x770a0000 0xa000 6.01.7600.16385 C:\Windows\system32\LPK.dll
0x75ad0000 0x9d000 1.626.7600.16385 C:\Windows\system32\USP10.dll
0x77370000 0x57000 6.01.7600.16385 C:\Windows\system32\SHLWAPI.dll
0x76280000 0xc49000 6.01.7600.16644 C:\Windows\system32\SHELL32.dll
0x76ed0000 0x15c000 6.01.7600.16385 C:\Windows\system32\ole32.dll
0x75ff0000 0x8f000 6.01.7600.16567 C:\Windows\system32\OLEAUT32.dll
0x741e0000 0x16f000 6.01.7600.16385 C:\Windows\system32\EXPLORERFRAME.dll
0x74b10000 0x2f000 6.01.7600.16385 C:\Windows\system32\DUser.dll
0x74a50000 0xb2000 6.01.7600.16385 C:\Windows\system32\DUI70.dll
0x772c0000 0x1f000 6.01.7600.16385 C:\Windows\system32\IMM32.dll
0x760d0000 0xcc000 6.01.7600.16385 C:\Windows\system32\MSCTF.dll
0x743c0000 0x40000 6.01.7600.16385 C:\Windows\system32\UxTheme.dll
0x74670000 0x25000 6.01.7600.16385 C:\Windows\system32\POWRPROF.dll
0x773d0000 0x19d000 6.01.7600.16385 C:\Windows\system32\SETUPAPI.dll
0x75840000 0x27000 6.01.7600.16385 C:\Windows\system32\CFGMGR32.dll
0x75870000 0x12000 6.01.7600.16385 C:\Windows\system32\DEVOBJ.dll
0x74420000 0x13000 6.01.7600.16385 C:\Windows\system32\dwmapi.dll
0x73a30000 0xa000 6.01.7600.16385 C:\Windows\system32\slc.dll
0x73520000 0x190000 6.01.7600.16385 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
0x75550000 0x8000 6.01.7600.16385 C:\Windows\system32\Secur32.dll
0x756a0000 0x1a000 6.01.7600.16385 C:\Windows\system32\SSPICLI.DLL
0x744f0000 0xf5000 7.00.7600.16385 C:\Windows\system32\PROPSYS.dll
0x75710000 0xc000 6.01.7600.16385 C:\Windows\system32\CRYPTBASE.dll
0x746d0000 0x19e000 6.10.7600.16400 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16400_none_4209f94e2b866170\comctl32.dll
0x74040000 0xfb000 6.01.7600.16385 C:\Windows\system32\WindowsCodecs.dll
0x757c0000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll
0x756c0000 0x4b000 6.01.7600.16481 C:\Windows\system32\apphelp.dll
0x772e0000 0x83000 2001.12.8530.16385 C:\Windows\system32\CLBCatQ.DLL
0x74a10000 0x31000 6.01.7600.16385 C:\Windows\system32\EhStorShell.dll
0x72d00000 0x40b000 14.00.4761.1000 C:\Program Files\MICROS~3\Office14\GROOVEEX.DLL
0x72160000 0xa3000 9.00.30729.4926 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCR90.dll
0x720d0000 0x8e000 9.00.30729.4926 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCP90.dll
0x749e0000 0x2b000 9.00.30729.4148 C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.DLL
0x73110000 0x40f000 14.00.4738.1000 C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\office.odf
0x69420000 0x886000 14.00.4761.1000 C:\Program Files\MICROS~3\Office14\1036\GrooveIntlResource.dll
0x74170000 0x6a000 6.01.7600.16385 C:\Windows\System32\cscui.dll
0x749d0000 0x9000 6.01.7600.16385 C:\Windows\System32\CSCDLL.dll
0x715e0000 0xb000 6.01.7600.16385 C:\Windows\system32\CSCAPI.dll
0x74350000 0x6f000 6.01.7600.16385 C:\Windows\system32\ntshrui.dll
0x75430000 0x19000 6.01.7600.16385 C:\Windows\system32\srvcli.dll
0x74ba0000 0x6000 6.01.7600.16385 C:\Windows\system32\IconCodecService.dll
0x75240000 0x16000 6.01.7600.16385 C:\Windows\system32\CRYPTSP.dll
0x74fe0000 0x3b000 6.01.7600.16385 C:\Windows\system32\rsaenh.dll
0x757b0000 0xe000 6.01.7600.16385 C:\Windows\system32\RpcRtRemote.dll
0x74440000 0x38000 6.01.7600.16385 C:\Windows\system32\SndVolSSO.DLL
0x749c0000 0x9000 6.01.7600.16385 C:\Windows\system32\HID.DLL
0x74630000 0x39000 6.01.7600.16385 C:\Windows\System32\MMDevApi.dll
0x73d60000 0x78000 6.01.7600.16385 C:\Windows\system32\timedate.cpl
0x73b30000 0x14000 3.05.2284.0000 C:\Windows\system32\ATL.DLL
0x6f8c0000 0x4e000 6.01.7600.16385 C:\Windows\system32\actxprxy.dll
0x745f0000 0x21000 6.01.7600.16385 C:\Windows\system32\ntmarta.dll
0x76080000 0x45000 6.01.7600.16385 C:\Windows\system32\WLDAP32.dll
0x74010000 0x2e000 6.01.7600.16385 C:\Windows\System32\shdocvw.dll
0x710f0000 0x7000 5.00.7600.16385 C:\Windows\system32\msiltcfg.dll
0x74cc0000 0x9000 6.01.7600.16385 C:\Windows\system32\VERSION.dll
0x6f3e0000 0x240000 5.00.7600.16385 C:\Windows\system32\msi.dll
0x749b0000 0x9000 6.01.7600.16385 C:\Windows\system32\LINKINFO.dll
0x70d00000 0x278000 6.01.7600.16385 C:\Windows\System32\gameux.dll
0x74140000 0x2f000 1.03.1000.0000 C:\Windows\System32\XmlLite.dll
0x759a0000 0x11c000 6.01.7600.16385 C:\Windows\system32\CRYPT32.dll
0x75830000 0xc000 6.01.7600.16415 C:\Windows\system32\MSASN1.dll
0x6f010000 0x60000 6.01.7600.16385 C:\Windows\System32\wer.dll
0x744b0000 0x12000 6.01.7600.16385 C:\Windows\system32\SAMLIB.dll
0x73f00000 0xf000 6.01.7600.16385 C:\Windows\system32\samcli.dll
0x73f20000 0x9000 6.01.7600.16385 C:\Windows\system32\netutils.dll
0x737a0000 0x94000 5.41.0021.2509 C:\Windows\system32\MsftEdit.dll
0x73fe0000 0x2a000 3.10.0349.0000 C:\Windows\system32\msls31.dll
0x73d00000 0x58000 6.01.7600.16385 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
0x72b40000 0x1b7000 6.01.7600.16385 C:\Windows\system32\authui.dll
0x727b0000 0xf8000 6.01.7600.16385 C:\Windows\system32\CRYPTUI.dll
0x77890000 0x5000 6.01.7600.16385 C:\Windows\system32\PSAPI.DLL
0x706a0000 0x198000 6.01.7600.16385 C:\Windows\system32\NetworkExplorer.dll
0x73980000 0x32000 6.01.7600.16385 C:\Windows\system32\WINMM.dll
0x746b0000 0x1b000 6.01.7600.16385 C:\Windows\System32\UIAnimation.dll
0x73f90000 0x30000 6.01.7600.16385 C:\Windows\system32\wdmaud.drv
0x74410000 0x4000 6.01.7600.16385 C:\Windows\system32\ksuser.dll
0x746a0000 0x7000 6.01.7600.16385 C:\Windows\system32\AVRT.dll
0x6e730000 0x36000 6.01.7600.16385 C:\Windows\system32\AUDIOSES.DLL
0x74620000 0x8000 6.01.7600.16385 C:\Windows\system32\msacm32.drv
0x73ea0000 0x14000 6.01.7600.16385 C:\Windows\system32\MSACM32.dll
0x744e0000 0x7000 6.01.7600.16385 C:\Windows\system32\midimap.dll
0x739f0000 0x39000 6.01.7600.16385 C:\Windows\system32\stobject.dll
0x736e0000 0xb7000 6.01.7600.16385 C:\Windows\system32\BatMeter.dll
0x75780000 0x29000 6.01.7600.16385 C:\Windows\system32\WINSTA.dll
0x74400000 0xd000 6.01.7600.16385 C:\Windows\system32\WTSAPI32.dll
0x73a40000 0x47000 2001.12.8530.16385 C:\Windows\system32\es.dll
0x72ad0000 0x64000 6.01.7600.16385 C:\Windows\system32\prnfldr.dll
0x71fc0000 0x51000 6.01.7600.16385 C:\Windows\system32\WINSPOOL.DRV
0x729f0000 0x64000 6.01.7600.16385 C:\Windows\system32\dxp.dll
0x75d70000 0x135000 8.00.7600.16625 C:\Windows\system32\urlmon.dll
0x75b70000 0x1f9000 8.00.7600.16385 C:\Windows\system32\iertutil.dll
0x75920000 0x2d000 6.01.7600.16493 C:\Windows\system32\WINTRUST.dll
0x744d0000 0x10000 2007.94.7600.16385 C:\Windows\system32\Syncreg.dll
0x73fd0000 0x8000 6.01.7600.16385 C:\Windows\ehome\ehSSO.dll
0x6e450000 0x265000 6.01.7600.16385 C:\Windows\System32\netshell.dll
0x73910000 0x1c000 6.01.7600.16385 C:\Windows\System32\IPHLPAPI.DLL
0x75ac0000 0x6000 6.01.7600.16385 C:\Windows\system32\NSI.dll
0x73900000 0x7000 6.01.7600.16385 C:\Windows\System32\WINNSI.DLL
0x73bb0000 0x10000 6.01.7600.16385 C:\Windows\System32\nlaapi.dll
0x73f80000 0xe000 6.01.7600.16385 C:\Windows\System32\AltTab.dll
0x736c0000 0x1d000 6.01.7600.16385 C:\Windows\system32\wpdshserviceobj.dll
0x72780000 0x2b000 6.01.7600.16385 C:\Windows\system32\PortableDeviceTypes.dll
0x71c80000 0x89000 6.01.7600.16385 C:\Windows\system32\PortableDeviceApi.dll
0x704f0000 0x1ae000 6.01.7600.16385 C:\Windows\System32\pnidui.dll
0x722a0000 0x17000 6.01.7600.16385 C:\Windows\System32\QUtil.dll
0x753e0000 0x42000 6.01.7600.16385 C:\Windows\System32\wevtapi.dll
0x738a0000 0xd000 6.01.7600.16385 C:\Windows\system32\dhcpcsvc6.DLL
0x75fb0000 0x35000 6.01.7600.16385 C:\Windows\system32\WS2_32.dll
0x723a0000 0x12000 6.01.7600.16385 C:\Windows\system32\dhcpcsvc.DLL
0x74e20000 0x17000 6.01.7600.16385 C:\Windows\system32\USERENV.dll
0x74fc0000 0x8000 6.01.7600.16385 C:\Windows\system32\credssp.dll
0x712b0000 0x8000 6.01.7600.16385 C:\Windows\System32\npmproxy.dll
0x6e130000 0x25000 6.01.7600.16385 C:\Windows\System32\cscobj.dll
0x72080000 0x4d000 7.00.7600.16385 C:\Windows\System32\srchadmin.dll
0x6c780000 0x16000 6.01.7600.16385 C:\Windows\system32\Wlanapi.dll
0x6c7d0000 0x6000 6.01.7600.16385 C:\Windows\system32\wlanutil.dll
0x71bc0000 0x48000 6.01.7600.16385 C:\Windows\system32\wwanapi.dll
0x73f60000 0xa000 8.01.0002.0000 C:\Windows\system32\wwapi.dll
0x72020000 0x2e000 6.01.7600.16385 C:\Windows\System32\QAgent.dll
0x71a10000 0xb0000 6.01.7600.16385 C:\Windows\System32\bthprops.cpl
0x67650000 0xa7e000 8.00.7600.16625 C:\Windows\System32\ieframe.dll
0x71920000 0x3c000 7.00.0000.0000 C:\Windows\System32\OLEACC.dll
0x702e0000 0x20e000 6.01.7600.16385 C:\Windows\System32\SyncCenter.dll
0x70c40000 0xba000 6.01.7600.16385 C:\Windows\System32\Actioncenter.dll
0x71870000 0x64000 6.01.7600.16385 C:\Windows\system32\imapi2.dll
0x71660000 0x4f000 6.01.7600.16385 C:\Windows\System32\hgcpl.dll
0x73ed0000 0x2b000 6.01.7600.16385 C:\Windows\System32\provsvc.dll
0x73f10000 0xf000 6.01.7600.16385 C:\Windows\system32\wkscli.dll
0x70200000 0xd2000 6.01.7600.16385 C:\Windows\system32\fxsst.dll
0x71620000 0x3a000 6.01.7600.16385 C:\Windows\system32\FXSAPI.dll
0x70110000 0xe3000 6.01.7600.16385 C:\Windows\system32\FXSRESM.DLL
0x75720000 0x5f000 6.01.7600.16400 C:\Windows\system32\SXS.DLL
0x71600000 0x1a000 6.01.7600.16385 C:\Windows\System32\wscinterop.dll
0x6f880000 0xf000 6.01.7600.16385 C:\Windows\System32\WSCAPI.dll
0x6fef0000 0x11a000 6.01.7600.16385 C:\Windows\System32\wscui.cpl
0x6fde0000 0x106000 6.01.7600.16385 C:\Windows\System32\werconcpl.dll
0x71150000 0x35000 6.01.7600.16385 C:\Windows\System32\framedynos.dll
0x71500000 0x12000 6.01.7600.16385 C:\Windows\System32\wercplsupport.dll
0x71b50000 0x9000 6.01.7600.16385 C:\Windows\System32\hcproviders.dll
0x6bf30000 0x2b000 8.00.7600.16625 C:\Program Files\Internet Explorer\ieproxy.dll
0x6e380000 0x9f000 6.01.7600.16385 C:\Windows\system32\SearchFolder.dll
0x6ecc0000 0x5c000 7.00.7600.16385 C:\Windows\System32\StructuredQuery.dll
0x6f8a0000 0x16000 6.01.7600.16385 C:\Windows\system32\thumbcache.dll
0x74cd0000 0x76000 6.01.7600.16385 C:\Windows\system32\FirewallAPI.dll
0x72050000 0x12000 6.01.7600.16385 C:\Windows\system32\MPR.dll
0x6e320000 0x52000 6.01.7600.16385 C:\Windows\system32\zipfldr.dll
0x6eca0000 0xd000 6.01.7600.16385 C:\Windows\system32\dfscli.dll
0x6e6e0000 0xd000 6.01.7600.16385 C:\Windows\system32\browcli.dll
0x75200000 0x3c000 6.01.7600.16385 C:\Windows\system32\mswsock.dll
0x750c0000 0x44000 6.01.7600.16385 C:\Windows\system32\DNSAPI.dll
0x71d80000 0x6000 6.01.7600.16385 C:\Windows\system32\rasadhlp.dll
0x74e40000 0xe000 6.01.7600.16385 C:\Windows\system32\DEVRTL.dll
0x6d4a0000 0x33000 6.01.7600.16385 C:\Program Files\Windows Portable Devices\SqmApi.dll
0x6f2c0000 0x22000 6.01.7600.16385 C:\Windows\system32\EhStorAPI.dll
0x6ed20000 0xc6000 6.01.7600.16385 C:\Windows\System32\NaturalLanguage6.dll
0x6c460000 0x28f000 6.01.7600.16385 C:\Windows\System32\NLSData000c.dll
0x67050000 0x5f4000 6.01.7600.16385 C:\Windows\System32\NLSLexicons000c.dll
0x10000000 0x1e000 3.03.0000.0005 C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
0x77570000 0xf4000 8.00.7600.16625 C:\Windows\system32\WININET.dll
0x77090000 0x3000 6.01.7600.16385 C:\Windows\system32\Normaliz.dll
0x6d9c0000 0x238000 6.01.7600.16385 C:\Windows\system32\wpdshext.dll
0x6a770000 0x30b000 12.00.7600.16385 C:\Windows\System32\mf.dll
0x6d6c0000 0x59000 12.00.7600.16385 C:\Windows\System32\MFPlat.DLL
0x3e200000 0x24000 1.02.0000.0001 C:\Windows\system32\nvshext.dll
0x0df50000 0x10f000 8.16.0011.9107 C:\Windows\system32\nvapi.dll
0x6fb00000 0x17000 6.01.7600.16385 C:\Program Files\Windows Sidebar\sbdrop.dll
0x6f190000 0x44000 6.01.7600.16385 C:\Windows\system32\lzhfldr2.dll
0x03430000 0x2e000 3.80.0000.0000 C:\Program Files\WinRAR\rarext.dll
0x025d0000 0x4c000 9.00.0000.0004 C:\Program Files\Avira\AntiVir Desktop\shlext.dll
0x02720000 0x32000 4.06.0000.0000 C:\Program Files\PowerISO\PWRISOSH.DLL
0x02590000 0x12000 1.02.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x0c4a0000 0x173000 3.01.0000.0001 c:\Program Files\Alex Feinman\ISO Recorder\ISORecorder.dll
0x771a0000 0x7b000 6.01.7600.16385 C:\Windows\system32\COMDLG32.dll
0x6f0d0000 0x29000 6.01.7600.16385 C:\Windows\system32\syncui.dll
0x6f960000 0x16000 6.01.7600.16385 C:\Windows\system32\SYNCENG.dll
0x6faf0000 0xc000 6.01.7600.16385 C:\Program Files\Windows Photo Viewer\PhotoBase.dll
0x03f20000 0xf000 1.00.0000.1004 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
0x6f0a0000 0x27000 6.01.7600.16385 C:\Windows\system32\twext.dll
0x6d960000 0x3000 6.01.7600.16385 C:\Windows\system32\SFC.DLL
0x6dc60000 0xd000 6.01.7600.16385 C:\Windows\system32\sfc_os.DLL
0x6fd70000 0x24000 6.01.7600.16500 C:\Windows\system32\cabview.dll
0x5e8a0000 0x9f000 6.01.7600.16385 C:\Windows\system32\van.dll
0x5e6e0000 0xd3000 6.01.7600.16385 C:\Windows\system32\RasMM.dll
0x73e00000 0x52000 6.01.7600.16385 C:\Windows\system32\RASAPI32.dll
0x73de0000 0x15000 6.01.7600.16385 C:\Windows\system32\rasman.dll
0x73fc0000 0xd000 6.01.7600.16617 C:\Windows\system32\rtutils.dll
0x73a90000 0x9000 6.01.7600.16385 C:\Windows\system32\dsrole.dll
0x70f80000 0x157000 6.30.7600.16385 C:\Windows\System32\msxml6.dll
0x595f0000 0xa7000 8.01.0002.0000 C:\Windows\system32\WWanMM.dll
0x59530000 0xb9000 6.01.7600.16385 C:\Windows\system32\WlanMM.dll
0x5e660000 0x17000 6.01.7600.16385 C:\Windows\system32\wlanhlp.dll
0x5e620000 0x34000 6.01.7600.16385 C:\Windows\system32\OneX.DLL
0x5e600000 0x11000 6.01.7600.16385 C:\Windows\system32\eappprxy.dll
0x5e5d0000 0x2f000 6.01.7600.16385 C:\Windows\system32\eappcfg.dll
0x6fc40000 0x8000 6.01.7600.16385 C:\Windows\System32\drprov.dll
0x6f930000 0x14000 6.01.7600.16385 C:\Windows\System32\ntlanman.dll
0x6f910000 0x16000 6.01.7600.16385 C:\Windows\System32\davclnt.dll
0x70b70000 0x8000 6.01.7600.16385 C:\Windows\System32\DAVHLPR.dll
0x728b0000 0x132000 8.110.7600.16605 C:\Windows\System32\msxml3.dll
0x024f0000 0xf000 C:\Users\nico\AppData\Local\Temp\catchme.dll
------------------------------------------------------------------------------
explorer.exe pid: 3840
Command line: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Base Size Version Path
0x00970000 0x281000 6.01.7600.16450 C:\Windows\explorer.exe
0x77670000 0x13c000 6.01.7600.16559 C:\Windows\SYSTEM32\ntdll.dll
0x761a0000 0xd4000 6.01.7600.16481 C:\Windows\system32\kernel32.dll
0x75950000 0x4a000 6.01.7600.16385 C:\Windows\system32\KERNELBASE.dll
0x77220000 0xa0000 6.01.7600.16385 C:\Windows\system32\ADVAPI32.dll
0x777b0000 0xac000 7.00.7600.16385 C:\Windows\system32\msvcrt.dll
0x77180000 0x19000 6.01.7600.16385 C:\Windows\SYSTEM32\sechost.dll
0x75f00000 0xa1000 6.01.7600.16385 C:\Windows\system32\RPCRT4.dll
0x75eb0000 0x4e000 6.01.7600.16400 C:\Windows\system32\GDI32.dll
0x770b0000 0xc9000 6.01.7600.16385 C:\Windows\system32\USER32.dll
0x770a0000 0xa000 6.01.7600.16385 C:\Windows\system32\LPK.dll
0x75ad0000 0x9d000 1.626.7600.16385 C:\Windows\system32\USP10.dll
0x77370000 0x57000 6.01.7600.16385 C:\Windows\system32\SHLWAPI.dll
0x76280000 0xc49000 6.01.7600.16644 C:\Windows\system32\SHELL32.dll
0x76ed0000 0x15c000 6.01.7600.16385 C:\Windows\system32\ole32.dll
0x75ff0000 0x8f000 6.01.7600.16567 C:\Windows\system32\OLEAUT32.dll
0x741e0000 0x16f000 6.01.7600.16385 C:\Windows\system32\EXPLORERFRAME.dll
0x74b10000 0x2f000 6.01.7600.16385 C:\Windows\system32\DUser.dll
0x74a50000 0xb2000 6.01.7600.16385 C:\Windows\system32\DUI70.dll
0x772c0000 0x1f000 6.01.7600.16385 C:\Windows\system32\IMM32.dll
0x760d0000 0xcc000 6.01.7600.16385 C:\Windows\system32\MSCTF.dll
0x743c0000 0x40000 6.01.7600.16385 C:\Windows\system32\UxTheme.dll
0x74670000 0x25000 6.01.7600.16385 C:\Windows\system32\POWRPROF.dll
0x773d0000 0x19d000 6.01.7600.16385 C:\Windows\system32\SETUPAPI.dll
0x75840000 0x27000 6.01.7600.16385 C:\Windows\system32\CFGMGR32.dll
0x75870000 0x12000 6.01.7600.16385 C:\Windows\system32\DEVOBJ.dll
0x74420000 0x13000 6.01.7600.16385 C:\Windows\system32\dwmapi.dll
0x73a30000 0xa000 6.01.7600.16385 C:\Windows\system32\slc.dll
0x73520000 0x190000 6.01.7600.16385 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
0x75550000 0x8000 6.01.7600.16385 C:\Windows\system32\Secur32.dll
0x756a0000 0x1a000 6.01.7600.16385 C:\Windows\system32\SSPICLI.DLL
0x744f0000 0xf5000 7.00.7600.16385 C:\Windows\system32\PROPSYS.dll
0x75710000 0xc000 6.01.7600.16385 C:\Windows\system32\CRYPTBASE.dll
0x746d0000 0x19e000 6.10.7600.16400 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16400_none_4209f94e2b866170\comctl32.dll
0x772e0000 0x83000 2001.12.8530.16385 C:\Windows\system32\CLBCatQ.DLL
0x75240000 0x16000 6.01.7600.16385 C:\Windows\system32\CRYPTSP.dll
0x74fe0000 0x3b000 6.01.7600.16385 C:\Windows\system32\rsaenh.dll
0x757b0000 0xe000 6.01.7600.16385 C:\Windows\system32\RpcRtRemote.dll
0x6f8c0000 0x4e000 6.01.7600.16385 C:\Windows\system32\actxprxy.dll
0x75720000 0x5f000 6.01.7600.16400 C:\Windows\system32\SXS.DLL
0x74040000 0xfb000 6.01.7600.16385 C:\Windows\system32\WindowsCodecs.dll
0x756c0000 0x4b000 6.01.7600.16481 C:\Windows\system32\apphelp.dll
0x74a10000 0x31000 6.01.7600.16385 C:\Windows\system32\EhStorShell.dll
0x72d00000 0x40b000 14.00.4761.1000 C:\Program Files\MICROS~3\Office14\GROOVEEX.DLL
0x72160000 0xa3000 9.00.30729.4926 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCR90.dll
0x720d0000 0x8e000 9.00.30729.4926 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCP90.dll
0x749e0000 0x2b000 9.00.30729.4148 C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.DLL
0x73110000 0x40f000 14.00.4738.1000 C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\office.odf
0x69420000 0x886000 14.00.4761.1000 C:\Program Files\MICROS~3\Office14\1036\GrooveIntlResource.dll
0x74170000 0x6a000 6.01.7600.16385 C:\Windows\System32\cscui.dll
0x749d0000 0x9000 6.01.7600.16385 C:\Windows\System32\CSCDLL.dll
0x715e0000 0xb000 6.01.7600.16385 C:\Windows\system32\CSCAPI.dll
0x74350000 0x6f000 6.01.7600.16385 C:\Windows\system32\ntshrui.dll
0x75430000 0x19000 6.01.7600.16385 C:\Windows\system32\srvcli.dll
0x737a0000 0x94000 5.41.0021.2509 C:\Windows\system32\MsftEdit.dll
0x73fe0000 0x2a000 3.10.0349.0000 C:\Windows\system32\msls31.dll
0x75d70000 0x135000 8.00.7600.16625 C:\Windows\system32\urlmon.dll
0x759a0000 0x11c000 6.01.7600.16385 C:\Windows\system32\CRYPT32.dll
0x75830000 0xc000 6.01.7600.16415 C:\Windows\system32\MSASN1.dll
0x75b70000 0x1f9000 8.00.7600.16385 C:\Windows\system32\iertutil.dll
0x757c0000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll
0x77570000 0xf4000 8.00.7600.16625 C:\Windows\system32\WININET.dll
0x77090000 0x3000 6.01.7600.16385 C:\Windows\system32\Normaliz.dll
0x74140000 0x2f000 1.03.1000.0000 C:\Windows\system32\xmllite.dll
0x6bf30000 0x2b000 8.00.7600.16625 C:\Program Files\Internet Explorer\ieproxy.dll
0x6f8a0000 0x16000 6.01.7600.16385 C:\Windows\system32\thumbcache.dll
0x77890000 0x5000 6.01.7600.16385 C:\Windows\system32\PSAPI.DLL
0x745f0000 0x21000 6.01.7600.16385 C:\Windows\system32\ntmarta.dll
0x76080000 0x45000 6.01.7600.16385 C:\Windows\system32\WLDAP32.dll
0x74010000 0x2e000 6.01.7600.16385 C:\Windows\system32\SHDOCVW.dll
0x67650000 0xa7e000 8.00.7600.16625 C:\Windows\system32\ieframe.DLL
0x71920000 0x3c000 7.00.0000.0000 C:\Windows\system32\OLEACC.dll
0x706a0000 0x198000 6.01.7600.16385 C:\Windows\system32\NetworkExplorer.dll
0x73f00000 0xf000 6.01.7600.16385 C:\Windows\system32\samcli.dll
0x744b0000 0x12000 6.01.7600.16385 C:\Windows\system32\SAMLIB.dll
0x73f20000 0x9000 6.01.7600.16385 C:\Windows\system32\netutils.dll
0x749b0000 0x9000 6.01.7600.16385 C:\Windows\system32\LINKINFO.dll
0x6ecc0000 0x5c000 7.00.7600.16385 C:\Windows\System32\StructuredQuery.dll
0x73980000 0x32000 6.01.7600.16385 C:\Windows\system32\WINMM.dll
0x72050000 0x12000 6.01.7600.16385 C:\Windows\system32\MPR.dll
0x6fc40000 0x8000 6.01.7600.16385 C:\Windows\System32\drprov.dll
0x75780000 0x29000 6.01.7600.16385 C:\Windows\System32\WINSTA.dll
0x6f930000 0x14000 6.01.7600.16385 C:\Windows\System32\ntlanman.dll
0x6f910000 0x16000 6.01.7600.16385 C:\Windows\System32\davclnt.dll
0x70b70000 0x8000 6.01.7600.16385 C:\Windows\System32\DAVHLPR.dll
0x75920000 0x2d000 6.01.7600.16493 C:\Windows\system32\WINTRUST.dll
0x73f10000 0xf000 6.01.7600.16385 C:\Windows\system32\wkscli.dll
0x71c80000 0x89000 6.01.7600.16385 C:\Windows\system32\PortableDeviceApi.dll
0x6f2c0000 0x22000 6.01.7600.16385 C:\Windows\system32\EhStorAPI.dll
0x736b0000 0xd000 6.01.7600.16385 C:\Windows\system32\NetworkItemFactory.dll
0x714f0000 0xb000 6.01.7600.16385 C:\Windows\system32\dtsh.dll
0x74cd0000 0x76000 6.01.7600.16385 C:\Windows\system32\FirewallAPI.dll
0x74cc0000 0x9000 6.01.7600.16385 C:\Windows\system32\VERSION.dll
0x6e420000 0x15000 6.01.7600.16385 C:\Windows\system32\Cabinet.dll
0x73910000 0x1c000 6.01.7600.16385 C:\Windows\system32\IPHLPAPI.DLL
0x75ac0000 0x6000 6.01.7600.16385 C:\Windows\system32\NSI.dll
0x73900000 0x7000 6.01.7600.16385 C:\Windows\system32\WINNSI.DLL
0x75fb0000 0x35000 6.01.7600.16385 C:\Windows\system32\WS2_32.dll
0x6eca0000 0xd000 6.01.7600.16385 C:\Windows\system32\dfscli.dll
0x6e6e0000 0xd000 6.01.7600.16385 C:\Windows\system32\browcli.dll
0x75200000 0x3c000 6.01.7600.16385 C:\Windows\system32\mswsock.dll
0x750c0000 0x44000 6.01.7600.16385 C:\Windows\system32\DNSAPI.dll
0x738a0000 0xd000 6.01.7600.16385 C:\Windows\system32\dhcpcsvc6.DLL
0x723a0000 0x12000 6.01.7600.16385 C:\Windows\system32\dhcpcsvc.DLL
0x71d80000 0x6000 6.01.7600.16385 C:\Windows\system32\rasadhlp.dll
0x73e00000 0x52000 6.01.7600.16385 C:\Windows\system32\RASAPI32.dll
0x73de0000 0x15000 6.01.7600.16385 C:\Windows\system32\rasman.dll
0x73fc0000 0xd000 6.01.7600.16617 C:\Windows\system32\rtutils.dll
0x6e6d0000 0x6000 6.01.7600.16385 C:\Windows\system32\sensapi.dll
0x73bb0000 0x10000 6.01.7600.16385 C:\Windows\system32\NLAapi.dll
0x73f70000 0x10000 6.01.7600.16385 C:\Windows\system32\napinsp.dll
0x73e80000 0x12000 6.01.7600.16385 C:\Windows\system32\pnrpnsp.dll
0x16080000 0x25000 1.00.0006.0002 C:\Program Files\Bonjour\mdnsNSP.dll
0x73f50000 0x8000 6.01.7600.16385 C:\Windows\System32\winrnr.dll
0x74d50000 0x5000 6.01.7600.16385 C:\Windows\System32\wshtcpip.dll
0x751f0000 0x6000 6.01.7600.16385 C:\Windows\System32\wship6.dll
0x71d10000 0x38000 6.01.7600.16385 C:\Windows\System32\fwpuclnt.dll
------------------------------------------------------------------------------
explorer.exe pid: 4364
Command line: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Base Size Version Path
0x00970000 0x281000 6.01.7600.16450 C:\Windows\explorer.exe
0x77670000 0x13c000 6.01.7600.16559 C:\Windows\SYSTEM32\ntdll.dll
0x761a0000 0xd4000 6.01.7600.16481 C:\Windows\system32\kernel32.dll
0x75950000 0x4a000 6.01.7600.16385 C:\Windows\system32\KERNELBASE.dll
0x77220000 0xa0000 6.01.7600.16385 C:\Windows\system32\ADVAPI32.dll
0x777b0000 0xac000 7.00.7600.16385 C:\Windows\system32\msvcrt.dll
0x77180000 0x19000 6.01.7600.16385 C:\Windows\SYSTEM32\sechost.dll
0x75f00000 0xa1000 6.01.7600.16385 C:\Windows\system32\RPCRT4.dll
0x75eb0000 0x4e000 6.01.7600.16400 C:\Windows\system32\GDI32.dll
0x770b0000 0xc9000 6.01.7600.16385 C:\Windows\system32\USER32.dll
0x770a0000 0xa000 6.01.7600.16385 C:\Windows\system32\LPK.dll
0x75ad0000 0x9d000 1.626.7600.16385 C:\Windows\system32\USP10.dll
0x77370000 0x57000 6.01.7600.16385 C:\Windows\system32\SHLWAPI.dll
0x76280000 0xc49000 6.01.7600.16644 C:\Windows\system32\SHELL32.dll
0x76ed0000 0x15c000 6.01.7600.16385 C:\Windows\system32\ole32.dll
0x75ff0000 0x8f000 6.01.7600.16567 C:\Windows\system32\OLEAUT32.dll
0x741e0000 0x16f000 6.01.7600.16385 C:\Windows\system32\EXPLORERFRAME.dll
0x74b10000 0x2f000 6.01.7600.16385 C:\Windows\system32\DUser.dll
0x74a50000 0xb2000 6.01.7600.16385 C:\Windows\system32\DUI70.dll
0x772c0000 0x1f000 6.01.7600.16385 C:\Windows\system32\IMM32.dll
0x760d0000 0xcc000 6.01.7600.16385 C:\Windows\system32\MSCTF.dll
0x743c0000 0x40000 6.01.7600.16385 C:\Windows\system32\UxTheme.dll
0x74670000 0x25000 6.01.7600.16385 C:\Windows\system32\POWRPROF.dll
0x773d0000 0x19d000 6.01.7600.16385 C:\Windows\system32\SETUPAPI.dll
0x75840000 0x27000 6.01.7600.16385 C:\Windows\system32\CFGMGR32.dll
0x75870000 0x12000 6.01.7600.16385 C:\Windows\system32\DEVOBJ.dll
0x74420000 0x13000 6.01.7600.16385 C:\Windows\system32\dwmapi.dll
0x73a30000 0xa000 6.01.7600.16385 C:\Windows\system32\slc.dll
0x73520000 0x190000 6.01.7600.16385 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
0x75550000 0x8000 6.01.7600.16385 C:\Windows\system32\Secur32.dll
0x756a0000 0x1a000 6.01.7600.16385 C:\Windows\system32\SSPICLI.DLL
0x744f0000 0xf5000 7.00.7600.16385 C:\Windows\system32\PROPSYS.dll
0x75710000 0xc000 6.01.7600.16385 C:\Windows\system32\CRYPTBASE.dll
0x746d0000 0x19e000 6.10.7600.16400 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16400_none_4209f94e2b866170\comctl32.dll
0x772e0000 0x83000 2001.12.8530.16385 C:\Windows\system32\CLBCatQ.DLL
0x75240000 0x16000 6.01.7600.16385 C:\Windows\system32\CRYPTSP.dll
0x74fe0000 0x3b000 6.01.7600.16385 C:\Windows\system32\rsaenh.dll
0x757b0000 0xe000 6.01.7600.16385 C:\Windows\system32\RpcRtRemote.dll
0x6f8c0000 0x4e000 6.01.7600.16385 C:\Windows\system32\actxprxy.dll
0x75720000 0x5f000 6.01.7600.16400 C:\Windows\system32\SXS.DLL
0x74040000 0xfb000 6.01.7600.16385 C:\Windows\system32\WindowsCodecs.dll
0x756c0000 0x4b000 6.01.7600.16481 C:\Windows\system32\apphelp.dll
0x74a10000 0x31000 6.01.7600.16385 C:\Windows\system32\EhStorShell.dll
0x72d00000 0x40b000 14.00.4761.1000 C:\Program Files\MICROS~3\Office14\GROOVEEX.DLL
0x72160000 0xa3000 9.00.30729.4926 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCR90.dll
0x720d0000 0x8e000 9.00.30729.4926 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCP90.dll
0x749e0000 0x2b000 9.00.30729.4148 C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.DLL
0x73110000 0x40f000 14.00.4738.1000 C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\office.odf
0x69420000 0x886000 14.00.4761.1000 C:\Program Files\MICROS~3\Office14\1036\GrooveIntlResource.dll
0x74170000 0x6a000 6.01.7600.16385 C:\Windows\System32\cscui.dll
0x749d0000 0x9000 6.01.7600.16385 C:\Windows\System32\CSCDLL.dll
0x715e0000 0xb000 6.01.7600.16385 C:\Windows\system32\CSCAPI.dll
0x74350000 0x6f000 6.01.7600.16385 C:\Windows\system32\ntshrui.dll
0x75430000 0x19000 6.01.7600.16385 C:\Windows\system32\srvcli.dll
0x737a0000 0x94000 5.41.0021.2509 C:\Windows\system32\MsftEdit.dll
0x73fe0000 0x2a000 3.10.0349.0000 C:\Windows\system32\msls31.dll
0x73d00000 0x58000 6.01.7600.16385 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
0x75d70000 0x135000 8.00.7600.16625 C:\Windows\system32\urlmon.dll
0x759a0000 0x11c000 6.01.7600.16385 C:\Windows\system32\CRYPT32.dll
0x75830000 0xc000 6.01.7600.16415 C:\Windows\system32\MSASN1.dll
0x75b70000 0x1f9000 8.00.7600.16385 C:\Windows\system32\iertutil.dll
0x757c0000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll
0x10000000 0x1e000 3.03.0000.0005 C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
0x77570000 0xf4000 8.00.7600.16625 C:\Windows\system32\WININET.dll
0x77090000 0x3000 6.01.7600.16385 C:\Windows\system32\Normaliz.dll
0x74140000 0x2f000 1.03.1000.0000 C:\Windows\system32\xmllite.dll
0x6bf30000 0x2b000 8.00.7600.16625 C:\Program Files\Internet Explorer\ieproxy.dll
0x6f8a0000 0x16000 6.01.7600.16385 C:\Windows\system32\thumbcache.dll
0x77890000 0x5000 6.01.7600.16385 C:\Windows\system32\PSAPI.DLL
0x745f0000 0x21000 6.01.7600.16385 C:\Windows\system32\ntmarta.dll
0x76080000 0x45000 6.01.7600.16385 C:\Windows\system32\WLDAP32.dll
0x74010000 0x2e000 6.01.7600.16385 C:\Windows\system32\SHDOCVW.dll
0x67650000 0xa7e000 8.00.7600.16625 C:\Windows\system32\ieframe.DLL
0x71920000 0x3c000 7.00.0000.0000 C:\Windows\system32\OLEACC.dll
0x706a0000 0x198000 6.01.7600.16385 C:\Windows\system32\NetworkExplorer.dll
0x73f00000 0xf000 6.01.7600.16385 C:\Windows\system32\samcli.dll
0x744b0000 0x12000 6.01.7600.16385 C:\Windows\system32\SAMLIB.dll
0x73f20000 0x9000 6.01.7600.16385 C:\Windows\system32\netutils.dll
0x6ecc0000 0x5c000 7.00.7600.16385 C:\Windows\System32\StructuredQuery.dll
0x749b0000 0x9000 6.01.7600.16385 C:\Windows\system32\LINKINFO.dll
0x73980000 0x32000 6.01.7600.16385 C:\Windows\system32\WINMM.dll
0x72050000 0x12000 6.01.7600.16385 C:\Windows\system32\MPR.dll
0x75920000 0x2d000 6.01.7600.16493 C:\Windows\system32\WINTRUST.dll
0x6fc40000 0x8000 6.01.7600.16385 C:\Windows\System32\drprov.dll
0x75780000 0x29000 6.01.7600.16385 C:\Windows\System32\WINSTA.dll
0x6f930000 0x14000 6.01.7600.16385 C:\Windows\System32\ntlanman.dll
0x6f910000 0x16000 6.01.7600.16385 C:\Windows\System32\davclnt.dll
0x70b70000 0x8000 6.01.7600.16385 C:\Windows\System32\DAVHLPR.dll
0x73f10000 0xf000 6.01.7600.16385 C:\Windows\system32\wkscli.dll
0x736b0000 0xd000 6.01.7600.16385 C:\Windows\system32\NetworkItemFactory.dll
0x714f0000 0xb000 6.01.7600.16385 C:\Windows\system32\dtsh.dll
0x74cd0000 0x76000 6.01.7600.16385 C:\Windows\system32\FirewallAPI.dll
0x74cc0000 0x9000 6.01.7600.16385 C:\Windows\system32\VERSION.dll
0x71c80000 0x89000 6.01.7600.16385 C:\Windows\system32\PortableDeviceApi.dll
0x6f2c0000 0x22000 6.01.7600.16385 C:\Windows\system32\EhStorAPI.dll
0x712b0000 0x8000 6.01.7600.16385 C:\Windows\System32\npmproxy.dll
0x716b0000 0x2b000 6.01.7600.16385 C:\Windows\system32\FunDisc.dll
0x73b30000 0x14000 3.05.2284.0000 C:\Windows\system32\ATL.DLL
0x6fd70000 0x24000 6.01.7600.16500 C:\Windows\system32\cabview.dll
0x70f80000 0x157000 6.30.7600.16385 C:\Windows\System32\msxml6.dll
0x6e420000 0x15000 6.01.7600.16385 C:\Windows\system32\Cabinet.dll
0x6c720000 0xa000 6.01.7600.16385 C:\Windows\system32\fdproxy.dll
0x6efa0000 0x17000 6.01.7600.16385 C:\Windows\System32\fdwcn.dll
0x6ee20000 0x19000 6.01.7600.16385 C:\Windows\System32\wcnapi.dll
0x6f070000 0x9000 6.01.7600.16385 C:\Windows\system32\fdWNet.dll
0x73910000 0x1c000 6.01.7600.16385 C:\Windows\system32\IPHLPAPI.DLL
0x75ac0000 0x6000 6.01.7600.16385 C:\Windows\system32\NSI.dll
0x73900000 0x7000 6.01.7600.16385 C:\Windows\system32\WINNSI.DLL
0x75fb0000 0x35000 6.01.7600.16385 C:\Windows\system32\WS2_32.dll
0x6eca0000 0xd000 6.01.7600.16385 C:\Windows\system32\dfscli.dll
0x6e6e0000 0xd000 6.01.7600.16385 C:\Windows\system32\browcli.dll
0x75200000 0x3c000 6.01.7600.16385 C:\Windows\system32\mswsock.dll
0x750c0000 0x44000 6.01.7600.16385 C:\Windows\system32\DNSAPI.dll
0x738a0000 0xd000 6.01.7600.16385 C:\Windows\system32\dhcpcsvc6.DLL
0x723a0000 0x12000 6.01.7600.16385 C:\Windows\system32\dhcpcsvc.DLL
0x71d80000 0x6000 6.01.7600.16385 C:\Windows\system32\rasadhlp.dll
0x74e40000 0xe000 6.01.7600.16385 C:\Windows\system32\DEVRTL.dll
0x6f010000 0x60000 6.01.7600.16385 C:\Windows\System32\wer.dll
0x6f0a0000 0x27000 6.01.7600.16385 C:\Windows\system32\twext.dll
0x6e130000 0x25000 6.01.7600.16385 C:\Windows\System32\cscobj.dll
0x74e20000 0x17000 6.01.7600.16385 C:\Windows\System32\USERENV.dll
0x036d0000 0x12000 1.02.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x036f0000 0xf000 1.00.0000.1004 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
0x03700000 0x2e000 3.80.0000.0000 C:\Program Files\WinRAR\rarext.dll
0x03870000 0x4c000 9.00.0000.0004 C:\Program Files\Avira\AntiVir Desktop\shlext.dll
0x71fc0000 0x51000 6.01.7600.16385 C:\Windows\system32\WINSPOOL.DRV
0x038c0000 0x32000 4.06.0000.0000 C:\Program Files\PowerISO\PWRISOSH.DLL
0x1c000000 0x6000 1.03.0000.0000 C:\Program Files\Notepad++\nppcm.dll
0x069d0000 0x209000 4.00.0005.0100 C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
0x6c200000 0x110000 8.00.50727.4053 C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80.DLL
0x6f620000 0x9b000 8.00.50727.4927 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
0x771a0000 0x7b000 6.01.7600.16385 C:\Windows\system32\comdlg32.dll
0x6f6c0000 0x87000 8.00.50727.4927 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCP80.dll
0x6e070000 0x21000 6.01.7600.16385 C:\Windows\system32\MSVFW32.dll
0x6fd30000 0xf000 8.00.50727.4053 C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\MFC80FRA.DLL
0x74b40000 0x52000 6.01.7600.16385 C:\Windows\system32\Faultrep.dll
0x6f100000 0x6000 6.01.7600.16385 C:\Windows\system32\RICHED32.DLL
0x6d7f0000 0x76000 5.31.0023.1229 C:\Windows\system32\RICHED20.dll
0x6f0d0000 0x29000 6.01.7600.16385 C:\Windows\system32\syncui.dll
0x6f960000 0x16000 6.01.7600.16385 C:\Windows\system32\SYNCENG.dll
0x6f110000 0xe000 6.01.7600.16385 C:\Windows\system32\acppage.dll
0x6d960000 0x3000 6.01.7600.16385 C:\Windows\system32\sfc.dll
0x6dc60000 0xd000 6.01.7600.16385 C:\Windows\system32\sfc_os.DLL
0x6f3e0000 0x240000 5.00.7600.16385 C:\Windows\system32\msi.dll
0x03ab0000 0x1c000 1.01.0225.0000 C:\Windows\system32\CmdLineExt.dll
0x70d00000 0x278000 6.01.7600.16385 C:\Windows\System32\gameux.dll
0x6e120000 0xa000 6.01.7600.16385 C:\Windows\system32\wbem\wbemprox.dll
0x6e010000 0x5c000 6.01.7600.16385 C:\Windows\system32\wbemcomn.dll
0x73e60000 0xf000 6.01.7600.16385 C:\Windows\system32\wbem\wbemsvc.dll
0x6dde0000 0x96000 6.01.7600.16385 C:\Windows\system32\wbem\fastprox.dll
0x6ddc0000 0x18000 6.01.7600.16385 C:\Windows\system32\NTDSAPI.dll
0x74d50000 0x5000 6.01.7600.16385 C:\Windows\System32\wshtcpip.dll
0x751f0000 0x6000 6.01.7600.16385 C:\Windows\System32\wship6.dll
0x16080000 0x25000 1.00.0006.0002 C:\Program Files\Bonjour\mdnsNSP.dll
0x71d10000 0x38000 6.01.7600.16385 C:\Windows\System32\fwpuclnt.dll
0x73e00000 0x52000 6.01.7600.16385 C:\Windows\system32\RASAPI32.dll
0x73de0000 0x15000 6.01.7600.16385 C:\Windows\system32\rasman.dll
0x73fc0000 0xd000 6.01.7600.16617 C:\Windows\system32\rtutils.dll
0x6e6d0000 0x6000 6.01.7600.16385 C:\Windows\system32\sensapi.dll
0x73bb0000 0x10000 6.01.7600.16385 C:\Windows\system32\NLAapi.dll
0x72a60000 0x5a000 6.01.7600.16385 C:\Windows\System32\netprofm.dll
0x73f70000 0x10000 6.01.7600.16385 C:\Windows\system32\napinsp.dll
0x73e80000 0x12000 6.01.7600.16385 C:\Windows\system32\pnrpnsp.dll
0x73f50000 0x8000 6.01.7600.16385 C:\Windows\System32\winrnr.dll
0x6d9c0000 0x238000 6.01.7600.16385 C:\Windows\system32\wpdshext.dll
0x6fbb0000 0x3f000 6.01.7600.16385 C:\Windows\system32\audiodev.dll
0x6b690000 0x267000 12.00.7600.16385 C:\Windows\system32\WMVCore.DLL
0x6f150000 0x3d000 12.00.7600.16385 C:\Windows\system32\WMASF.DLL
No matching processes were found.
------------------------------------------------------------------------------
firefox.exe pid: 5712
Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
Base Size Version Path
0x00fd0000 0xe0000 1.09.0002.3855 C:\Program Files\Mozilla Firefox\firefox.exe
0x77670000 0x13c000 6.01.7600.16559 C:\Windows\SYSTEM32\ntdll.dll
0x761a0000 0xd4000 6.01.7600.16481 C:\Windows\system32\kernel32.dll
0x75950000 0x4a000 6.01.7600.16385 C:\Windows\system32\KERNELBASE.dll
0x664c0000 0xb8c000 1.09.0002.3855 C:\Program Files\Mozilla Firefox\xul.dll
0x6ee90000 0x75000 3.06.0022.0000 C:\Program Files\Mozilla Firefox\sqlite3.dll
0x6fc80000 0xb0000 8.00.0000.0000 C:\Program Files\Mozilla Firefox\MOZCRT19.dll
0x777b0000 0xac000 7.00.7600.16385 C:\Windows\system32\msvcrt.dll
0x6eb40000 0xfa000 C:\Program Files\Mozilla Firefox\js3250.dll
0x6fc50000 0x29000 4.08.0003.0000 C:\Program Files\Mozilla Firefox\nspr4.dll
0x77220000 0xa0000 6.01.7600.16385 C:\Windows\system32\ADVAPI32.dll
0x77180000 0x19000 6.01.7600.16385 C:\Windows\SYSTEM32\sechost.dll
0x75f00000 0xa1000 6.01.7600.16385 C:\Windows\system32\RPCRT4.dll
0x71ba0000 0x7000 6.01.7600.16385 C:\Windows\system32\WSOCK32.dll
0x75fb0000 0x35000 6.01.7600.16385 C:\Windows\system32\WS2_32.dll
0x75ac0000 0x6000 6.01.7600.16385 C:\Windows\system32\NSI.dll
0x73980000 0x32000 6.01.7600.16385 C:\Windows\system32\WINMM.dll
0x770b0000 0xc9000 6.01.7600.16385 C:\Windows\system32\USER32.dll
0x75eb0000 0x4e000 6.01.7600.16400 C:\Windows\system32\GDI32.dll
0x770a0000 0xa000 6.01.7600.16385 C:\Windows\system32\LPK.dll
0x75ad0000 0x9d000 1.626.7600.16385 C:\Windows\system32\USP10.dll
0x6fdc0000 0x18000 3.12.0006.0002 C:\Program Files\Mozilla Firefox\smime3.dll
0x6e280000 0x9d000 3.12.0006.0002 C:\Program Files\Mozilla Firefox\nss3.dll
0x6fda0000 0x14000 3.12.0006.0002 C:\Program Files\Mozilla Firefox\nssutil3.dll
0x71c40000 0x7000 4.08.0003.0000 C:\Program Files\Mozilla Firefox\plc4.dll
0x6fc30000 0x7000 4.08.0003.0000 C:\Program Files\Mozilla Firefox\plds4.dll
0x6fc00000 0x21000 3.12.0006.0002 C:\Program Files\Mozilla Firefox\ssl3.dll
0x76280000 0xc49000 6.01.7600.16644 C:\Windows\system32\SHELL32.dll
0x77370000 0x57000 6.01.7600.16385 C:\Windows\system32\SHLWAPI.dll
0x76ed0000 0x15c000 6.01.7600.16385 C:\Windows\system32\ole32.dll
0x74cc0000 0x9000 6.01.7600.16385 C:\Windows\system32\VERSION.dll
0x71fc0000 0x51000 6.01.7600.16385 C:\Windows\system32\WINSPOOL.DRV
0x771a0000 0x7b000 6.01.7600.16385 C:\Windows\system32\COMDLG32.dll
0x746d0000 0x19e000 6.10.7600.16400 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16400_none_4209f94e2b866170\COMCTL32.dll
0x772c0000 0x1f000 6.01.7600.16385 C:\Windows\system32\IMM32.dll
0x760d0000 0xcc000 6.01.7600.16385 C:\Windows\system32\MSCTF.dll
0x73cf0000 0x5000 6.01.7600.16385 C:\Windows\system32\MSIMG32.dll
0x75ff0000 0x8f000 6.01.7600.16567 C:\Windows\system32\OLEAUT32.dll
0x6e1d0000 0xaf000 8.00.0000.0000 C:\Program Files\Mozilla Firefox\MOZCPP19.dll
0x6fbf0000 0x7000 1.09.0002.3855 C:\Program Files\Mozilla Firefox\xpcom.dll
0x743c0000 0x40000 6.01.7600.16385 C:\Windows\system32\uxtheme.dll
0x74420000 0x13000 6.01.7600.16385 C:\Windows\system32\dwmapi.dll
0x6f2f0000 0xeb000 6.01.7600.16385 C:\Windows\system32\dbghelp.dll
0x75710000 0xc000 6.01.7600.16385 C:\Windows\system32\CRYPTBASE.dll
0x773d0000 0x19d000 6.01.7600.16385 C:\Windows\system32\SETUPAPI.dll
0x75840000 0x27000 6.01.7600.16385 C:\Windows\system32\CFGMGR32.dll
0x75870000 0x12000 6.01.7600.16385 C:\Windows\system32\DEVOBJ.dll
0x772e0000 0x83000 2001.12.8530.16385 C:\Windows\system32\CLBCatQ.DLL
0x744f0000 0xf5000 7.00.7600.16385 C:\Windows\system32\propsys.dll
0x745f0000 0x21000 6.01.7600.16385 C:\Windows\system32\ntmarta.dll
0x76080000 0x45000 6.01.7600.16385 C:\Windows\system32\WLDAP32.dll
0x6fb50000 0x8000 1.09.0002.3855 C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
0x75200000 0x3c000 6.01.7600.16385 C:\Windows\system32\mswsock.dll
0x74d50000 0x5000 6.01.7600.16385 C:\Windows\System32\wshtcpip.dll
0x73910000 0x1c000 6.01.7600.16385 C:\Windows\system32\iphlpapi.dll
0x73900000 0x7000 6.01.7600.16385 C:\Windows\system32\WINNSI.DLL
0x73e00000 0x52000 6.01.7600.16385 C:\Windows\system32\rasapi32.dll
0x73de0000 0x15000 6.01.7600.16385 C:\Windows\system32\rasman.dll
0x73fc0000 0xd000 6.01.7600.16617 C:\Windows\system32\rtutils.dll
0x757c0000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll
0x6fb20000 0x24000 1.09.0002.3855 C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
0x10000000 0x11000 C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\udp036uw.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
0x03150000 0x481000 1.12.0000.36949 C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\udp036uw.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
0x6d0a0000 0x1c3000 6.01.7600.16385 C:\Windows\system32\d3d9.dll
0x74930000 0x6000 6.01.7600.16385 C:\Windows\system32\d3d8thk.dll
0x73520000 0x190000 6.01.7600.16385 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
0x6df40000 0xc8000 6.01.7600.16385 C:\Windows\system32\OPENGL32.dll
0x6f290000 0x22000 6.01.7600.16385 C:\Windows\system32\GLU32.dll
0x6d870000 0xe7000 6.01.7600.16385 C:\Windows\system32\DDRAW.dll
0x6f950000 0x6000 6.01.7600.16385 C:\Windows\system32\DCIMAN32.dll
0x74670000 0x25000 6.01.7600.16385 C:\Windows\system32\POWRPROF.dll
0x77890000 0x5000 6.01.7600.16385 C:\Windows\system32\PSAPI.DLL
0x74e20000 0x17000 6.01.7600.16385 C:\Windows\system32\USERENV.dll
0x77570000 0xf4000 8.00.7600.16625 C:\Windows\system32\WININET.dll
0x77090000 0x3000 6.01.7600.16385 C:\Windows\system32\Normaliz.dll
0x75d70000 0x135000 8.00.7600.16625 C:\Windows\system32\urlmon.dll
0x759a0000 0x11c000 6.01.7600.16385 C:\Windows\system32\CRYPT32.dll
0x75830000 0xc000 6.01.7600.16415 C:\Windows\system32\MSASN1.dll
0x75b70000 0x1f9000 8.00.7600.16385 C:\Windows\system32\iertutil.dll
0x6f7a0000 0x1d000 6.01.7600.16444 C:\Windows\system32\t2embed.dll
0x74010000 0x2e000 6.01.7600.16385 C:\Windows\system32\shdocvw.dll
0x73bb0000 0x10000 6.01.7600.16385 C:\Windows\system32\NLAapi.dll
0x73f70000 0x10000 6.01.7600.16385 C:\Windows\system32\napinsp.dll
0x73e80000 0x12000 6.01.7600.16385 C:\Windows\system32\pnrpnsp.dll
0x16080000 0x25000 1.00.0006.0002 C:\Program Files\Bonjour\mdnsNSP.dll
0x750c0000 0x44000 6.01.7600.16385 C:\Windows\system32\DNSAPI.dll
0x73f50000 0x8000 6.01.7600.16385 C:\Windows\System32\winrnr.dll
0x74040000 0xfb000 6.01.7600.16385 C:\Windows\system32\WindowsCodecs.dll
0x756c0000 0x4b000 6.01.7600.16481 C:\Windows\system32\apphelp.dll
0x74a10000 0x31000 6.01.7600.16385 C:\Windows\system32\EhStorShell.dll
0x72d00000 0x40b000 14.00.4761.1000 C:\Program Files\MICROS~3\Office14\GROOVEEX.DLL
0x72160000 0xa3000 9.00.30729.4926 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCR90.dll
0x720d0000 0x8e000 9.00.30729.4926 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCP90.dll
0x749e0000 0x2b000 9.00.30729.4148 C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.DLL
0x73110000 0x40f000 14.00.4738.1000 C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\office.odf
0x69420000 0x886000 14.00.4761.1000 C:\Program Files\MICROS~3\Office14\1036\GrooveIntlResource.dll
0x74170000 0x6a000 6.01.7600.16385 C:\Windows\System32\cscui.dll
0x749d0000 0x9000 6.01.7600.16385 C:\Windows\System32\CSCDLL.dll
0x715e0000 0xb000 6.01.7600.16385 C:\Windows\system32\CSCAPI.dll
0x74350000 0x6f000 6.01.7600.16385 C:\Windows\system32\ntshrui.dll
0x75430000 0x19000 6.01.7600.16385 C:\Windows\system32\srvcli.dll
0x73a30000 0xa000 6.01.7600.16385 C:\Windows\system32\slc.dll
0x75240000 0x16000 6.01.7600.16385 C:\Windows\system32\CRYPTSP.dll
0x74fe0000 0x3b000 6.01.7600.16385 C:\Windows\system32\rsaenh.dll
0x757b0000 0xe000 6.01.7600.16385 C:\Windows\system32\RpcRtRemote.dll
0x6e0a0000 0x79000 6.01.7600.16385 C:\Windows\system32\mscms.dll
0x751f0000 0x6000 6.01.7600.16385 C:\Windows\System32\wship6.dll
0x738a0000 0xd000 6.01.7600.16385 C:\Windows\system32\dhcpcsvc6.DLL
0x723a0000 0x12000 6.01.7600.16385 C:\Windows\system32\dhcpcsvc.DLL
0x71d80000 0x6000 6.01.7600.16385 C:\Windows\system32\rasadhlp.dll
0x6f260000 0x26000 3.12.0004.0000 C:\Program Files\Mozilla Firefox\softokn3.dll
0x6f750000 0x18000 3.12.0004.0000 C:\Program Files\Mozilla Firefox\nssdbm3.dll
0x6efc0000 0x41000 3.12.0004.0000 C:\Program Files\Mozilla Firefox\freebl3.dll
0x6e180000 0x50000 1.79.0000.0000 C:\Program Files\Mozilla Firefox\nssckbi.dll
0x71d10000 0x38000 6.01.7600.16385 C:\Windows\System32\fwpuclnt.dll
0x6f080000 0x12000 1.00.0000.0015 C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
0x741e0000 0x16f000 6.01.7600.16385 C:\Windows\system32\explorerframe.dll
0x74b10000 0x2f000 6.01.7600.16385 C:\Windows\system32\DUser.dll
0x74a50000 0xb2000 6.01.7600.16385 C:\Windows\system32\DUI70.dll
0x756a0000 0x1a000 6.01.7600.16385 C:\Windows\system32\SspiCli.dll
0x6ef70000 0x2e000 6.01.7600.16385 C:\Windows\system32\mlang.dll
0x728b0000 0x132000 8.110.7600.16605 C:\Windows\System32\msxml3.dll
0x683f0000 0x760000 8.16.0011.9107 C:\Windows\system32\nvd3dum.dll
0x08fa0000 0x10f000 8.16.0011.9107 C:\Windows\system32\nvapi.dll
0x06b00000 0x28000 7.16.0011.9107 C:\Program Files\NVIDIA Corporation\3D Vision\nvStereoApiI.dll
0x07730000 0x50000 7.16.0011.9107 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPI.dll
0x6ec50000 0x38000 6.01.7600.16385 C:\Windows\system32\icm32.dll
No matching processes were found.
No matching processes were found.
No matching processes were found.
------------------------------------------------------------------------------
csrss.exe pid: 520
Command line: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Base Size Version Path
0x4a3f0000 0x5000 6.01.7600.16385 C:\Windows\system32\csrss.exe
0x77670000 0x13c000 6.01.7600.16559 C:\Windows\SYSTEM32\ntdll.dll
0x75820000 0xd000 6.01.7600.16385 C:\Windows\system32\CSRSRV.dll
0x75810000 0xe000 6.01.7600.16385 C:\Windows\system32\basesrv.DLL
0x757e0000 0x2c000 6.01.7600.16385 C:\Windows\system32\winsrv.DLL
0x770b0000 0xc9000 6.01.7600.16385 C:\Windows\system32\USER32.dll
0x75eb0000 0x4e000 6.01.7600.16400 C:\Windows\system32\GDI32.dll
0x761a0000 0xd4000 6.01.7600.16481 C:\Windows\SYSTEM32\kernel32.dll
0x75950000 0x4a000 6.01.7600.16385 C:\Windows\system32\KERNELBASE.dll
0x770a0000 0xa000 6.01.7600.16385 C:\Windows\system32\LPK.dll
0x75ad0000 0x9d000 1.626.7600.16385 C:\Windows\system32\USP10.dll
0x777b0000 0xac000 7.00.7600.16385 C:\Windows\system32\msvcrt.dll
0x757d0000 0x9000 6.01.7600.16385 C:\Windows\system32\sxssrv.DLL
0x75720000 0x5f000 6.01.7600.16400 C:\Windows\system32\sxs.dll
0x75f00000 0xa1000 6.01.7600.16385 C:\Windows\system32\RPCRT4.dll
0x75710000 0xc000 6.01.7600.16385 C:\Windows\system32\CRYPTBASE.dll
0x77220000 0xa0000 6.01.7600.16385 C:\Windows\system32\ADVAPI32.dll
0x77180000 0x19000 6.01.7600.16385 C:\Windows\SYSTEM32\sechost.dll
------------------------------------------------------------------------------
csrss.exe pid: 576
Command line: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Base Size Version Path
0x4a3f0000 0x5000 6.01.7600.16385 C:\Windows\system32\csrss.exe
0x77670000 0x13c000 6.01.7600.16559 C:\Windows\SYSTEM32\ntdll.dll
0x75820000 0xd000 6.01.7600.16385 C:\Windows\system32\CSRSRV.dll
0x75810000 0xe000 6.01.7600.16385 C:\Windows\system32\basesrv.DLL
0x757e0000 0x2c000 6.01.7600.16385 C:\Windows\system32\winsrv.DLL
0x770b0000 0xc9000 6.01.7600.16385 C:\Windows\system32\USER32.dll
0x75eb0000 0x4e000 6.01.7600.16400 C:\Windows\system32\GDI32.dll
0x761a0000 0xd4000 6.01.7600.16481 C:\Windows\SYSTEM32\kernel32.dll
0x75950000 0x4a000 6.01.7600.16385 C:\Windows\system32\KERNELBASE.dll
0x770a0000 0xa000 6.01.7600.16385 C:\Windows\system32\LPK.dll
0x75ad0000 0x9d000 1.626.7600.16385 C:\Windows\system32\USP10.dll
0x777b0000 0xac000 7.00.7600.16385 C:\Windows\system32\msvcrt.dll
0x757d0000 0x9000 6.01.7600.16385 C:\Windows\system32\sxssrv.DLL
0x75720000 0x5f000 6.01.7600.16400 C:\Windows\system32\sxs.dll
0x75f00000 0xa1000 6.01.7600.16385 C:\Windows\system32\RPCRT4.dll
0x75710000 0xc000 6.01.7600.16385 C:\Windows\system32\CRYPTBASE.dll
------------------------------------------------------------------------------
smss.exe pid: 372
Command line: \SystemRoot\System32\smss.exe
Base Size Version Path
0x48230000 0x13000 \SystemRoot\System32\smss.exe
0x77670000 0x13c000 6.01.7600.16559 C:\Windows\SYSTEM32\ntdll.dll
------------------------------------------------------------------------------
winlogon.exe pid: 640
Command line: winlogon.exe
Base Size Version Path
0x00900000 0x47000 6.01.7600.16447 C:\Windows\system32\winlogon.exe
0x77670000 0x13c000 6.01.7600.16559 C:\Windows\SYSTEM32\ntdll.dll
0x761a0000 0xd4000 6.01.7600.16481 C:\Windows\system32\kernel32.dll
0x75950000 0x4a000 6.01.7600.16385 C:\Windows\system32\KERNELBASE.dll
0x770b0000 0xc9000 6.01.7600.16385 C:\Windows\system32\USER32.dll
0x75eb0000 0x4e000 6.01.7600.16400 C:\Windows\system32\GDI32.dll
0x770a0000 0xa000 6.01.7600.16385 C:\Windows\system32\LPK.dll
0x75ad0000 0x9d000 1.626.7600.16385 C:\Windows\system32\USP10.dll
0x777b0000 0xac000 7.00.7600.16385 C:\Windows\system32\msvcrt.dll
0x75780000 0x29000 6.01.7600.16385 C:\Windows\system32\WINSTA.dll
0x75f00000 0xa1000 6.01.7600.16385 C:\Windows\system32\RPCRT4.dll
0x772c0000 0x1f000 6.01.7600.16385 C:\Windows\system32\IMM32.DLL
0x760d0000 0xcc000 6.01.7600.16385 C:\Windows\system32\MSCTF.dll
0x77220000 0xa0000 6.01.7600.16385 C:\Windows\system32\ADVAPI32.dll
0x77180000 0x19000 6.01.7600.16385 C:\Windows\SYSTEM32\sechost.dll
0x757c0000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll
0x757b0000 0xe000 6.01.7600.16385 C:\Windows\system32\RpcRtRemote.dll
0x756c0000 0x4b000 6.01.7600.16481 C:\Windows\system32\apphelp.dll
0x73890000 0x8000 6.01.7600.16385 C:\Windows\system32\UXINIT.dll
0x743c0000 0x40000 6.01.7600.16385 C:\Windows\system32\UxTheme.dll
0x75240000 0x16000 6.01.7600.16385 C:\Windows\system32\CRYPTSP.dll
0x74fe0000 0x3b000 6.01.7600.16385 C:\Windows\system32\rsaenh.dll
0x75710000 0xc000 6.01.7600.16385 C:\Windows\system32\CRYPTBASE.dll
0x74040000 0xfb000 6.01.7600.16385 C:\Windows\system32\WindowsCodecs.dll
0x76ed0000 0x15c000 6.01.7600.16385 C:\Windows\system32\ole32.dll
0x73f10000 0xf000 6.01.7600.16385 C:\Windows\system32\wkscli.dll
0x75310000 0x2b000 6.01.7600.16385 C:\Windows\system32\netjoin.dll
0x73f20000 0x9000 6.01.7600.16385 C:\Windows\system32\netutils.dll
0x756a0000 0x1a000 6.01.7600.16385 C:\Windows\system32\SspiCli.dll
0x73a30000 0xa000 6.01.7600.16385 C:\Windows\system32\slc.dll
0x72050000 0x12000 6.01.7600.16385 C:\Windows\system32\MPR.dll
0x753b0000 0x1b000 6.01.7600.16385 C:\Windows\system32\AUTHZ.dll
------------------------------------------------------------------------------
svchost.exe pid: 796
Command line: C:\Windows\system32\svchost.exe -k DcomLaunch
Base Size Version Path
0x000e0000 0x8000 6.01.7600.16385 C:\Windows\system32\svchost.exe
0x77670000 0x13c000 6.01.7600.16559 C:\Windows\SYSTEM32\ntdll.dll
0x761a0000 0xd4000 6.01.7600.16481 C:\Windows\system32\kernel32.dll
0x75950000 0x4a000 6.01.7600.16385 C:\Windows\system32\KERNELBASE.dll
0x777b0000 0xac000 7.00.7600.16385 C:\Windows\system32\msvcrt.dll
0x77180000 0x19000 6.01.7600.16385 C:\Windows\SYSTEM32\sechost.dll
0x75f00000 0xa1000 6.01.7600.16385 C:\Windows\system32\RPCRT4.dll
0x74e70000 0x49000 6.01.7600.16385 c:\windows\system32\umpnpmgr.dll
0x74e50000 0x15000 6.01.7600.16385 c:\windows\system32\SPINF.dll
0x770b0000 0xc9000 6.01.7600.16385 C:\Windows\system32\USER32.dll
0x75eb0000 0x4e000 6.01.7600.16400 C:\Windows\system32\GDI32.dll
0x770a0000 0xa000 6.01.7600.16385 C:\Windows\system32\LPK.dll
0x75ad0000 0x9d000 1.626.7600.16385 C:\Windows\system32\USP10.dll
0x74e40000 0xe000 6.01.7600.16385 c:\windows\system32\DEVRTL.dll
0x772c0000 0x1f000 6.01.7600.16385 C:\Windows\system32\IMM32.DLL
0x760d0000 0xcc000 6.01.7600.16385 C:\Windows\system32\MSCTF.dll
0x757b0000 0xe000 6.01.7600.16385 C:\Windows\system32\RpcRtRemote.dll
0x74e20000 0x17000 6.01.7600.16385 C:\Windows\system32\USERENV.dll
0x757c0000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll
0x74e00000 0x16000 6.01.7600.16385 C:\Windows\system32\GPAPI.dll
0x75710000 0xc000 6.01.7600.16385 C:\Windows\system32\CRYPTBASE.dll
0x74de0000 0x20000 6.01.7600.16385 c:\windows\system32\umpo.dll
0x75780000 0x29000 6.01.7600.16385 c:\windows\system32\WINSTA.dll
0x773d0000 0x19d000 6.01.7600.16385 C:\Windows\system32\SETUPAPI.dll
0x75840000 0x27000 6.01.7600.16385 C:\Windows\system32\CFGMGR32.dll
0x77220000 0xa0000 6.01.7600.16385 C:\Windows\system32\ADVAPI32.dll
0x75ff0000 0x8f000 6.01.7600.16567 C:\Windows\system32\OLEAUT32.dll
0x76ed0000 0x15c000 6.01.7600.16385 C:\Windows\system32\ole32.dll
0x75870000 0x12000 6.01.7600.16385 C:\Windows\system32\DEVOBJ.dll
0x74dd0000 0xb000 6.01.7600.16385 c:\windows\system32\pcwum.DLL
0x74d70000 0x5f000 6.01.7600.16385 c:\windows\system32\rpcss.dll
0x756a0000 0x1a000 6.01.7600.16385 c:\windows\system32\SspiCli.dll
0x74fc0000 0x8000 6.01.7600.16385 C:\Windows\system32\credssp.dll
0x772e0000 0x83000 2001.12.8530.16385 C:\Windows\system32\CLBCatQ.DLL
0x75920000 0x2d000 6.01.7600.16493 C:\Windows\system32\WINTRUST.dll
0x759a0000 0x11c000 6.01.7600.16385 C:\Windows\system32\CRYPT32.dll
0x75830000 0xc000 6.01.7600.16415 C:\Windows\system32\MSASN1.dll
0x756c0000 0x4b000 6.01.7600.16481 C:\Windows\system32\apphelp.dll
0x74400000 0xd000 6.01.7600.16385 C:\Windows\system32\WTSAPI32.dll
0x6f3e0000 0x240000 5.00.7600.16385 C:\Windows\system32\msi.dll
0x77370000 0x57000 6.01.7600.16385 C:\Windows\system32\SHLWAPI.dll
0x710f0000 0x7000 5.00.7600.16385 C:\Windows\system32\msiltcfg.dll
0x74cc0000 0x9000 6.01.7600.16385 C:\Windows\system32\VERSION.dll
0x6d960000 0x3000 6.01.7600.16385 C:\Windows\system32\SFC.DLL
0x6dc60000 0xd000 6.01.7600.16385 C:\Windows\system32\sfc_os.DLL
0x745f0000 0x21000 6.01.7600.16385 C:\Windows\system32\ntmarta.dll
0x76080000 0x45000 6.01.7600.16385 C:\Windows\system32\WLDAP32.dll
0x724f0000 0x23000 6.01.7600.16385 C:\Windows\system32\wbem\wmidcprv.dll
0x6dde0000 0x96000 6.01.7600.16385 C:\Windows\system32\wbem\FastProx.dll
0x6e010000 0x5c000 6.01.7600.16385 C:\Windows\system32\wbemcomn.dll
0x75fb0000 0x35000 6.01.7600.16385 C:\Windows\system32\WS2_32.dll
0x75ac0000 0x6000 6.01.7600.16385 C:\Windows\system32\NSI.dll
0x6ddc0000 0x18000 6.01.7600.16385 C:\Windows\system32\NTDSAPI.dll
0x6e120000 0xa000 6.01.7600.16385 C:\Windows\system32\wbem\wbemprox.dll
0x75240000 0x16000 6.01.7600.16385 C:\Windows\system32\CRYPTSP.dll
0x74fe0000 0x3b000 6.01.7600.16385 C:\Windows\system32\rsaenh.dll
0x73e60000 0xf000 6.01.7600.16385 C:\Windows\system32\wbem\wbemsvc.dll
0x6dc20000 0x17000 6.01.7600.16385 C:\Windows\system32\wbem\wmiutils.dll
------------------------------------------------------------------------------
svchost.exe pid: 912
Command line: C:\Windows\system32\svchost.exe -k RPCSS
Base Size Version Path
0x000e0000 0x8000 6.01.7600.16385 C:\Windows\system32\svchost.exe
0x77670000 0x13c000 6.01.7600.16559 C:\Windows\SYSTEM32\ntdll.dll
0x761a0000 0xd4000 6.01.7600.16481 C:\Windows\system32\kernel32.dll
0x75950000 0x4a000 6.01.7600.16385 C:\Windows\system32\KERNELBASE.dll
0x777b0000 0xac000 7.00.7600.16385 C:\Windows\s
nicoroger
Messages postés
688
Date d'inscription
mardi 3 février 2009
Statut
Membre
Dernière intervention
20 mai 2017
69
7 sept. 2010 à 07:12
7 sept. 2010 à 07:12
http://www.cijoint.fr/cjlink.php?file=cj201009/cijgELkKTX.txt
nicoroger
Messages postés
688
Date d'inscription
mardi 3 février 2009
Statut
Membre
Dernière intervention
20 mai 2017
69
7 sept. 2010 à 07:13
7 sept. 2010 à 07:13
http://www.cijoint.fr/cjlink.php?file=cj201009/cije2xIYIe.txt
Utilisateur anonyme
7 sept. 2010 à 13:44
7 sept. 2010 à 13:44
hello
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
* * Colle directement le chemin des fichiers , un par un , dans l'espace "Parcourir"
C:\Windows\System32\bootexctrl.exe
C:\Windows\System32\chwallp.exe
C:\Windows\System32\defrag_native.exe
C:\Windows\System32\hibernate4win.exe
C:\Windows\System32\lua5.1a.exe
C:\Windows\System32\lua5.1a_gui.exe
C:\Windows\System32\srvany.exe
C:\Windows\System32\lzhfldr2.dll
C:\Windows\System32\msvcr90.dll
C:\Windows\System32\msvcm90.dll
C:\Windows\System32\onexui.dll
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.
ensuite :
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
▶ Relance List_Kill'em,avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'Option Clean
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
▶ colle le contenu dans ta reponse
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
* * Colle directement le chemin des fichiers , un par un , dans l'espace "Parcourir"
C:\Windows\System32\bootexctrl.exe
C:\Windows\System32\chwallp.exe
C:\Windows\System32\defrag_native.exe
C:\Windows\System32\hibernate4win.exe
C:\Windows\System32\lua5.1a.exe
C:\Windows\System32\lua5.1a_gui.exe
C:\Windows\System32\srvany.exe
C:\Windows\System32\lzhfldr2.dll
C:\Windows\System32\msvcr90.dll
C:\Windows\System32\msvcm90.dll
C:\Windows\System32\onexui.dll
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.
ensuite :
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
▶ Relance List_Kill'em,avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'Option Clean
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
▶ colle le contenu dans ta reponse
nicoroger
Messages postés
688
Date d'inscription
mardi 3 février 2009
Statut
Membre
Dernière intervention
20 mai 2017
69
8 sept. 2010 à 06:23
8 sept. 2010 à 06:23
http://www.virustotal.com/file-scan/reanalysis.html?id=0fc9123d030f93270984fe704600f5eeb3dbf3501a4f6fe1df620292f3be02cb-1283919767
nicoroger
Messages postés
688
Date d'inscription
mardi 3 février 2009
Statut
Membre
Dernière intervention
20 mai 2017
69
8 sept. 2010 à 06:24
8 sept. 2010 à 06:24
http://www.virustotal.com/file-scan/reanalysis.html?id=d05ac37d99cfaae495b10ee69c8847a974754d3245708465c4008c70e6951afc-1283919844
nicoroger
Messages postés
688
Date d'inscription
mardi 3 février 2009
Statut
Membre
Dernière intervention
20 mai 2017
69
8 sept. 2010 à 06:25
8 sept. 2010 à 06:25
http://www.virustotal.com/file-scan/reanalysis.html?id=a036c1efd28f7caab32bca588e29f8326ebbc8fca14303539f2f28aac837f233-1283919903
nicoroger
Messages postés
688
Date d'inscription
mardi 3 février 2009
Statut
Membre
Dernière intervention
20 mai 2017
69
8 sept. 2010 à 06:27
8 sept. 2010 à 06:27
http://www.virustotal.com/file-scan/report.html?id=2368c554159b5cdaad37281c551e625f1c26185b51d14a0068f4f6371b9c510b-1283919953
nicoroger
Messages postés
688
Date d'inscription
mardi 3 février 2009
Statut
Membre
Dernière intervention
20 mai 2017
69
8 sept. 2010 à 06:56
8 sept. 2010 à 06:56
http://www.virustotal.com/file-scan/report.html?id=b052f5258b4f3a76329974664bc76e0068776ebf45fff0205a5b47400ad8af1d-1283920083
http://www.virustotal.com/file-scan/report.html?id=8bc078d8cfb75eedfaacb037a7b7565a4dfea8be65ad352bfb0d0c282709d62d-1283920211
http://www.virustotal.com/file-scan/report.html?id=abd4afd71b3c2bd3f741bbe3cec52c4fa63ac78d353101d2e7dc4de2725d1ca1-1283920334
http://www.virustotal.com/file-scan/report.html?id=b6d0551f70e108b70fb4b677938064217edcafb3c3c826beba0e4276ad77b827-1283920445
http://www.virustotal.com/file-scan/report.html?id=cf420aced0d810e1d75f6811dd986f2d9fded2fbb8d61fc9a7024520c475febb-1283920687
http://www.virustotal.com/file-scan/report.html?id=866f51d4416b6a0bfbe8442cc8c1716152e4c3ee3137c375d05185e8171096a7-1283920874
http://www.virustotal.com/file-scan/report.html?id=0fca76c34c4c3f69f13d238aa58d1030d057a3a7e0fa3e7dee2e36ff115e1f60-1283921006
http://www.virustotal.com/file-scan/report.html?id=0fc9123d030f93270984fe704600f5eeb3dbf3501a4f6fe1df620292f3be02cb-1283921133
http://www.virustotal.com/file-scan/report.html?id=d05ac37d99cfaae495b10ee69c8847a974754d3245708465c4008c70e6951afc-1283921315
http://www.virustotal.com/file-scan/report.html?id=a036c1efd28f7caab32bca588e29f8326ebbc8fca14303539f2f28aac837f233-1283921418
http://www.virustotal.com/file-scan/report.html?id=2368c554159b5cdaad37281c551e625f1c26185b51d14a0068f4f6371b9c510b-1283921597
http://www.virustotal.com/file-scan/report.html?id=8bc078d8cfb75eedfaacb037a7b7565a4dfea8be65ad352bfb0d0c282709d62d-1283920211
http://www.virustotal.com/file-scan/report.html?id=abd4afd71b3c2bd3f741bbe3cec52c4fa63ac78d353101d2e7dc4de2725d1ca1-1283920334
http://www.virustotal.com/file-scan/report.html?id=b6d0551f70e108b70fb4b677938064217edcafb3c3c826beba0e4276ad77b827-1283920445
http://www.virustotal.com/file-scan/report.html?id=cf420aced0d810e1d75f6811dd986f2d9fded2fbb8d61fc9a7024520c475febb-1283920687
http://www.virustotal.com/file-scan/report.html?id=866f51d4416b6a0bfbe8442cc8c1716152e4c3ee3137c375d05185e8171096a7-1283920874
http://www.virustotal.com/file-scan/report.html?id=0fca76c34c4c3f69f13d238aa58d1030d057a3a7e0fa3e7dee2e36ff115e1f60-1283921006
http://www.virustotal.com/file-scan/report.html?id=0fc9123d030f93270984fe704600f5eeb3dbf3501a4f6fe1df620292f3be02cb-1283921133
http://www.virustotal.com/file-scan/report.html?id=d05ac37d99cfaae495b10ee69c8847a974754d3245708465c4008c70e6951afc-1283921315
http://www.virustotal.com/file-scan/report.html?id=a036c1efd28f7caab32bca588e29f8326ebbc8fca14303539f2f28aac837f233-1283921418
http://www.virustotal.com/file-scan/report.html?id=2368c554159b5cdaad37281c551e625f1c26185b51d14a0068f4f6371b9c510b-1283921597
nicoroger
Messages postés
688
Date d'inscription
mardi 3 février 2009
Statut
Membre
Dernière intervention
20 mai 2017
69
8 sept. 2010 à 06:59
8 sept. 2010 à 06:59
hello gen-hackman!
déjà merci pour tout et désolé de ma lenteur a répondre
voila j'ai fait ce que tu m'a demandé mais ce coup ci je ne revient sur mon pc que lundi prochain!
on pourras continuer la manip si tu veux bien!
@plus.
déjà merci pour tout et désolé de ma lenteur a répondre
voila j'ai fait ce que tu m'a demandé mais ce coup ci je ne revient sur mon pc que lundi prochain!
on pourras continuer la manip si tu veux bien!
@plus.
nicoroger
Messages postés
688
Date d'inscription
mardi 3 février 2009
Statut
Membre
Dernière intervention
20 mai 2017
69
12 sept. 2010 à 23:57
12 sept. 2010 à 23:57
salut!
suis de retour
suis de retour
Utilisateur anonyme
13 sept. 2010 à 00:00
13 sept. 2010 à 00:00
ok ben fais donc la suite de ce que je t ai demandé plus haut , et clic sur update avant clean
nicoroger
Messages postés
688
Date d'inscription
mardi 3 février 2009
Statut
Membre
Dernière intervention
20 mai 2017
69
13 sept. 2010 à 00:10
13 sept. 2010 à 00:10
c'est en route
