Analyser mon rapport hijackthis

Pnlop -  
benurrr Messages postés 9766 Statut Contributeur sécurité -
Bonjour,
Voici mon rapport Hijackthis! Je crois qu'il y à quelque chose d'anormale dans mon systeme. Pouvez-vous m'aider s.v.p? Que dois-je faire? Merci à l'avance de votre aide!

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Windows\System32\SupportAppXL\AutoDect.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Program Files\Videotron\Videotron Service Agent\VideotronSA.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LJDM0P3I\RSIT[1].exe
C:\Program Files\trend micro\Utilisateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
O4 - HKLM\..\Run: [autodetect] C:\Windows\system32\SupportAppXL\AutoDect.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldfr-ca.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: PDAgent - Unknown owner - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (file missing)
O23 - Service: PDEngine - Unknown owner - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (file missing)
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Services de sécurité Vidéotron (Radialpoint Security Services) - Vidéotron - C:\Program Files\Videotron\Services de sécurité Vidéotron\RpsSecurityAwareR.exe
O23 - Service: RadialpointIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Services de sécurité Vidéotron Coupe-feu (RP_FWS) - Vidéotron - C:\Program Files\Videotron\Services de sécurité Vidéotron\Fws.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: BitDefender Threat Scanner (scan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: Windows Update (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

--
End of file - 19026 bytes

29 réponses

  • 1
  • 2
Résumé de la discussion

Rapport HijackThis et questions associées indiquent une suspicion d'infection ou de compromission du système et la demande d'orientations concrètes pour sécuriser l'ordinateur dans ce contexte logiciel et sécurité. Le log liste des processus système et logiciels variés, dont des entrées suspectes comme des BHO non nommés et un fichier RSIT dans le dossier temporaire. Plusieurs réponses expriment de l'espoir et remercient; des retours décrivent des difficultés à télécharger Malwarebytes (erreur 5: accès refusé) et évoquent la possibilité d'un cheval de Troie. D'autres commentaires restent spéculatifs et ne confirment pas d'infection, certains suggérant un examen plus approfondi avec des outils dédiés sans aboutir à une conclusion déterminante.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    bonjour

    Telecharge combofix :
    Faire un clic droit sur le lien
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * Choisir : "Enregistrer la cible du lien sous..."
    * Choisir le Bureau comme destination.
    * Dans le champ "Nom du fichier", renommer ComboFix.exe en CCM.exe par exemple, puis enregistrer.
    * Attention ! L'étape de renommage est obligatoire sous peine de voir afficher le message "ComboFix.exe n'est pas une application win32 valide" et de le rendre ainsi totalement inefficace.

    Note importante :tu est sous Vista

    la désactivation du Contrôle des comptes utilisateurs est obligatoire

    Tuto : https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac­er-l-uac

    pour toute manipulation fait comme ceci( clic droit "exécuter en tant qu'administrateur" pour Vista/7 )

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    -Attention Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. risque de figer l'ordi

    - En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    !\ Ne touche à rien tant que le scan n'est pas terminé. /!\ : risque de figer l'ordi (plantage complet)

    ::Si combofix detecte quelque chose et de demande a redémarrer tu accepte
    0
  2. Pnlop
     
    ComboFix 10-11-07.09 - Utilisateur 2010-11-08 5:27.1.2 - x86
    Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.2.1036.18.3062.1469 [GMT -5:00]
    Lancé depuis: c:\users\Utilisateur\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Utilisateur\AppData\Roaming\ErrorWiz
    c:\users\Utilisateur\AppData\Roaming\ErrorWiz\Backup\Automatic Backup_11-07-2010_00-00-51.reg
    c:\users\Utilisateur\AppData\Roaming\ErrorWiz\Backup\Automatic Backup_11-07-2010_00-26-20.reg
    c:\users\Utilisateur\AppData\Roaming\ErrorWiz\settings.ini
    c:\windows\system32\system

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-10-08 au 2010-11-08 ))))))))))))))))))))))))))))))))))))
    .

    2010-11-08 10:35 . 2010-11-08 10:35 -------- d-----w- c:\users\Utilisateur\AppData\Local\temp
    2010-11-08 07:05 . 2010-10-07 21:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9F237270-6E3F-4609-A3C4-A2DE9CD3C2F3}\mpengine.dll
    2010-11-08 07:01 . 2010-11-08 07:20 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-11-07 04:44 . 2010-11-07 04:44 -------- d-----w- c:\users\Utilisateur\AppData\Roaming\GlarySoft
    2010-11-07 04:37 . 2010-11-08 10:23 -------- d-----w- c:\program files\Glary Utilities
    2010-11-07 03:53 . 2010-11-07 03:53 -------- d--h--w- c:\windows\PIF
    2010-11-06 22:01 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2010-11-06 22:01 . 2010-11-07 02:04 -------- d-----w- c:\program files\Trojan Remover
    2010-11-06 20:40 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C9979897-7CBE-48EA-BCF4-02D742DA9033}\mpengine.dll
    2010-11-06 08:13 . 2010-11-06 08:13 -------- d-----w- c:\users\Utilisateur\AppData\Roaming\SoftwareDetectionScripts
    2010-11-01 17:01 . 2010-11-07 05:33 -------- d-----w- c:\users\Utilisateur\AppData\Local\CrashDumps
    2010-11-01 02:09 . 2010-11-01 02:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-11-01 02:08 . 2010-11-01 02:08 -------- d-----w- c:\program files\Norton 360
    2010-11-01 02:08 . 2010-11-01 02:11 -------- d-----w- c:\programdata\Norton
    2010-11-01 02:07 . 2010-11-01 02:07 -------- d-----w- c:\program files\NortonInstaller
    2010-11-01 01:51 . 2006-09-25 02:11 -------- d-----w- c:\program files\ReviverSoft
    2010-10-31 23:45 . 2010-11-07 06:14 -------- d-----w- C:\0b4fc0d5dfb66e640becf83f
    2010-10-31 22:07 . 2010-11-08 02:29 -------- d-----w- c:\program files\trend micro
    2010-10-31 22:07 . 2010-10-31 22:50 -------- d-----w- C:\rsit
    2010-10-31 19:27 . 2010-10-31 19:27 -------- d-----w- C:\f9adf8b29e962ef5f561
    2010-10-26 18:10 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-10-26 18:10 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-10-26 18:10 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-10-25 00:11 . 2010-10-25 00:11 -------- d-----w- c:\users\Utilisateur\AppData\Roaming\{90140011-0062-040C-0000-0000000FF1CE}
    2010-10-24 06:32 . 2009-09-04 21:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2010-10-24 06:32 . 2009-09-04 21:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2010-10-24 06:32 . 2009-09-04 21:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-10-24 06:30 . 2010-10-25 18:37 -------- d-----w- c:\users\Utilisateur\AppData\Local\Windows Live
    2010-10-24 04:54 . 2010-10-24 04:54 -------- d-----w- c:\programdata\VirtualizedApplications
    2010-10-24 04:51 . 2010-10-24 04:51 -------- d-----w- c:\users\Utilisateur\AppData\Local\Apps
    2010-10-24 02:08 . 2006-09-29 07:14 -------- d-----w- c:\users\Utilisateur\AppData\Local\Microsoft Help
    2010-10-24 02:07 . 2010-11-06 22:31 -------- d-----w- c:\programdata\Microsoft Help
    2010-10-24 00:45 . 2010-10-24 00:45 -------- d-----w- c:\program files\Common Files\Java
    2010-10-24 00:40 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
    2010-10-24 00:34 . 2010-11-08 02:15 -------- d-----w- c:\users\Utilisateur\AppData\Local\SoftGrid Client
    2010-10-24 00:34 . 2010-11-07 05:55 -------- d-----w- c:\users\Utilisateur\AppData\Roaming\SoftGrid Client
    2010-10-24 00:32 . 2010-10-24 06:09 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
    2010-10-24 00:31 . 2010-11-07 03:34 -------- d-----w- c:\users\Utilisateur\AppData\Roaming\TP
    2010-10-23 23:34 . 2006-09-29 07:13 -------- d-----w- c:\program files\Conduit
    2010-10-18 00:38 . 2010-10-18 00:38 -------- d-----w- c:\users\Utilisateur\AppData\Local\Windows Live Writer
    2010-10-18 00:38 . 2010-10-18 00:38 -------- d-----w- c:\users\Utilisateur\AppData\Roaming\Windows Live Writer
    2010-10-16 19:55 . 2010-10-25 05:51 -------- d-----w- c:\users\Utilisateur\AppData\Local\MigWiz
    2010-10-16 01:36 . 2010-10-16 01:36 -------- d-----w- c:\program files\Veetle
    2010-10-15 11:02 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2010-10-15 11:02 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-15 11:02 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2010-10-15 11:02 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-15 11:02 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-15 11:02 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-15 11:02 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-15 11:02 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-10-15 11:00 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 20:51 . 2009-10-02 18:01 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-15 08:50 . 2010-04-28 00:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-08-26 16:33 . 2010-10-26 18:10 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2010-08-26 16:33 . 2010-10-26 18:10 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2010-08-26 16:33 . 2010-10-26 18:10 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2010-08-26 16:33 . 2010-10-26 18:10 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2010-08-17 14:11 . 2010-09-15 20:21 128000 ----a-w- c:\windows\system32\spoolsv.exe
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-02 150552]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
    "autodetect"="c:\windows\system32\SupportAppXL\AutoDect.exe" [2009-05-20 91648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

    c:\users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 - Capture d''cran et lancement.lnk - c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE [2010-2-28 3207072]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-09-19 7168]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
    R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2009-11-02 25608]
    S2 Radialpoint Security Services;Services de sécurité Vidéotron;c:\program files\Videotron\Services de sécurité Vidéotron\RpsSecurityAwareR.exe [2010-03-02 166944]
    S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent [x]
    S2 ServicepointService;ServicepointService;c:\program files\Videotron\Videotron Service Agent\ServicepointService.exe [2010-03-02 689392]
    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-22 112128]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [x]
    S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [x]
    S3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]

    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - 69DEAA9B
    *NewlyCreated* - D95A8580
    *NewlyCreated* - MPFILTER
    *NewlyCreated* - MPNWMON
    *Deregistered* - 69deaa9b
    *Deregistered* - d95a8580

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    bdx REG_MULTI_SZ scan sysagent
    .
    Contenu du dossier 'Tâches planifiées'

    2010-10-25 c:\windows\Tasks\User_Feed_Synchronization-{16F615E4-4B44-4145-86A5-9502310A7D2B}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-15 04:25]
    .
    .
    ------- Examen supplémentaire -------
    .
    mStart Page = hxxp://www.msn.com
    uInternet Settings,ProxyOverride = *.local
    IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-08 05:36
    Windows 6.0.6002 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Heure de fin: 2010-11-08 05:40:08
    ComboFix-quarantined-files.txt 2010-11-08 10:40

    Avant-CF: 150 287 794 176 octets libres
    Après-CF: 150 391 324 672 octets libres

    - - End Of File - - 2C096413F4F9FC05EFB5CD38E42FE8BE
    0
  3. Pnlop
     
    Es ce que je dois redémarer?
    0
    1. Pnlop
       
      Je ne vois malheureusement rien qui change :(
      Vraiment gentil de m'apporter cette aide benurr :)
      ....:(.......AYAYAYEEE...que faire?
      0
  4. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    télécharge

    https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/

    a l'installation vérifie que mise a jour et lancer programme et scan complet sont bien cocher

    Une fois a jour, le programme va se lancer; clic sur l'onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression".

    A la fin du scan clique sur Afficher les résultats

    Vérifier si tout est coché et clic Supprimer la sélection

    S'il t'es demandé de redémarrer >>> clique sur "Yes"

    Et tu poste le rapport générer
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Pnlop
     
    Voici ce que j'obtiens lorsque j'essaie de télécharger malwarebyte:

    Impossible d'exécuter un fichier depuis le dossier temporaire. Abandon de l'instalation.

    Erreur 5: accès refusé
    0
  7. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    clic droit et enregistre le sur le bureau

    http://dl.commentcamarche.net/www.commentcamarche.net/download/files/mbam-setup_1.46.exe

    Par Manque De Curiosité On Risque De Mourir Ignorant;Tu es libre de penser que tu es C..,
    Mais C.. de penser que ­tu es libre...Merci a australe13
    0
    1. Pnlop
       
      Le C..... peu être plusieurs mots et ainsi donner plusieurs sens à la phrase! Je suis curieuse de savoir à quel sens tu le relis. SONGER...
      0
    2. Pnlop
       
      Je ne suis toujours pas capable de télécharger jusqu'à la fin malewarebytes!
      0
  8. Pnlop
     
    Ton aide n'a pas de prix en ce moment! Mille merci benurr!
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      merci ccm un site ou en peut faire du bénévolat si c'etait pas moi sa aurai était quelqu'un d'autre
      0
    2. Pnlop
       
      Vraiment très heureuse de retrouver un systeme normale et performant. Si vous saviez comment j'ai essayer d'application qui ont tous été des flops! J'étais tout près de formater! Je vous remercie grandement pour votre aide compétente et de votre temps généreux!J'ai retrouver le sourire :) Si jamais un problème se représente; je sais ou trouver l'aide! :) :) :)
      0
  9. babarjo Messages postés 70 Date d'inscription   Statut Membre Dernière intervention   505
     
    http://www.hijackthis.de/fr
    0
    1. Pnlop
       
      Merci babarjo...j'ai vaincu les méchants! :)
      0
  10. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    salut le C correspond a un mot en 3 lettre

    tu peut poster le rapport malwarbyte

    Téléchargez Tools Cleaner 2 sur le bureau ici: https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/

    * Double-cliquez sur Tools Cleaner2 pour l'exécuter. (Si vous êtes sous Vista, cliquez droit sur le fichier Tools Cleaner 2 et exécutez-le en tant qu'administrateur.)
    * Cliquez sur Recherche et laissez-la se dérouler
    * Cliquez sur Suppression pour finaliser.
    * Vous pouvez, si vous le souhaitez, vous servir des Options facultatives.
    * Cliquez sur Quitter pour obtenir le rapport.
    * Postez le rapport (TCleaner.txt) qui se trouve à la racine de votre disque dur (C:) dans le forum où cela vous a été demandé.

    ------------------Après

    tu va télécharger Ccleaner http://dl.commentcamarche.net/...

    ouvre "Ccleaner" vas dans l'onglet "Option" puis "Avancé" puis décoches "Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures."

    . Puis vas dans l'onglet "Nettoyeur" fais "Analyse" puis "Lancer le nettoyage".
    Puis vas dans l'onglet "Registre" puis fait "Chercher des erreurs" puis "Réparer les erreurs sélectionnée"
    . Tu refais tous ca 4-5 fois (le nettoyage et le registre).

    Puis reste dans "Ccleaner" puis va dans "Option" puis "Propriété" puis coches "Nettoyer automatiquement l'ordinateur au démarrage".

    içi mode d'emploi pour ccleaner

    https://www.malekal.com/tutoriel-ccleaner/
    0
    1. Pnlop
       
      Je ne suis pas capable de télécharger malewarebytes!
      0
  11. Pnlop
     
    [ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

    --> Recherche:

    C:\Combofix.txt: trouvé !
    C:\Qoobox: trouvé !
    C:\Rsit: trouvé !
    C:\Program Files\trend micro\HijackThis.exe: trouvé !
    C:\Program Files\trend micro\hijackthis.log: trouvé !
    C:\Program Files\trend micro\HijackThis: trouvé !
    C:\Program Files\trend micro\HijackThis\HijackThis.exe: trouvé !
    C:\Program Files\trend micro\HijackThis\hijackthis.log: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
    C:\Qoobox\Quarantine\catchme.log: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
    C:\Users\Utilisateur\AppData\Local\VirtualStore\Program Files\trend micro\hijackthis.log: trouvé !
    C:\Users\Utilisateur\Desktop\HijackThis.lnk: trouvé !
    C:\Windows\mbr.exe: trouvé !

    ---------------------------------
    --> Suppression:

    C:\Program Files\trend micro\HijackThis.exe: ERREUR DE SUPPRESSION !!
    C:\Program Files\trend micro\HijackThis\HijackThis.exe: ERREUR DE SUPPRESSION !!
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: ERREUR DE SUPPRESSION !!
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: ERREUR DE SUPPRESSION !!
    C:\Users\Utilisateur\Desktop\HijackThis.lnk: supprimé !
    C:\Combofix.txt: ERREUR DE SUPPRESSION !!
    C:\Program Files\trend micro\hijackthis.log: supprimé !
    C:\Program Files\trend micro\HijackThis\hijackthis.log: ERREUR DE SUPPRESSION !!
    C:\Qoobox\Quarantine\catchme.log: supprimé !
    C:\Windows\mbr.exe: ERREUR DE SUPPRESSION !!
    C:\Qoobox: ERREUR DE SUPPRESSION !!
    C:\Rsit: supprimé !
    C:\Program Files\trend micro\HijackThis: ERREUR DE SUPPRESSION !!
    C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: ERREUR DE SUPPRESSION !!
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: ERREUR DE SUPPRESSION !!

    Fichiers temporaires nettoyés !
    0
  12. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    Salut :

    DÉSACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRÉSENTS !!!!!(car il est détecte a tort comme infection)

    Télécharge ici :List_Kill'em de gen-hackman

    http://sd-4.archive-host.com/membres/up/829108531491024/Mes_Tools/List_Killem_Install.exe

    et enregistre le sur ton bureau

    windows 7 => clic droit "exécuter en tant que administrateur

    sur le raccourci sur ton bureau pour lancer l'installation

    Laisse coché :

    Exécuter List_Kill'em

    une fois terminée , clic sur "terminer" et le programme se lancera seul

    Il commencera par telecharger et installer ses mises à jour , puis te donnera son menu

    choisis l'option Search

    laisse travailler l'outil

    il se peut qu'une boite de dialogue s'ouvre , dans ce cas clique sur "ok" ou "Agrée"

    à l'apparition de la fenetre blanche , c'est un peu long , c'est normal ,c'est une recherche supplementaire de fichiers cachés , le programme n'est pas bloqué.

    Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
    0
  13. Pnlop
     
    Present !! : HKLM\Software\Conduit
    Present !! : HKU\.DEFAULT\Software\AGI
    Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_mpnwmon
    Present !! : HKLM\SYSTEM\CurrentControlSet\Services\mpnwmon
    Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_mpnwmon
    Present !! : HKLM\SYSTEM\ControlSet001\Services\mpnwmon
    Present !! : HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_mpnwmon
    Present !! : HKLM\SYSTEM\ControlSet002\Services\mpnwmon

    FEATURE_BROWSER_EMULATION | svchost :
    ====================================

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-10 19:37:05
    Windows 6.0.6002 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
    kernel: MBR read successfully
    user & kernel MBR OK
    copy of MBR has been found in sector 62 !
    copy of MBR has been found in sector 63 !

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    cval = 1 (0x1)
    FirewallDisableNotify = 0 (0x0)
    AntiVirusDisableNotify = 0 (0x0)
    UpdatesDisableNotify = 0 (0x0)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    End of scan : 19:38:22,17
    Present !! : HKLM\Software\Conduit
    Present !! : HKU\.DEFAULT\Software\AGI
    Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_mpnwmon
    Present !! : HKLM\SYSTEM\CurrentControlSet\Services\mpnwmon
    Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_mpnwmon
    Present !! : HKLM\SYSTEM\ControlSet001\Services\mpnwmon
    Present !! : HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_mpnwmon
    Present !! : HKLM\SYSTEM\ControlSet002\Services\mpnwmon

    FEATURE_BROWSER_EMULATION | svchost :
    ====================================

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-10 19:41:19
    Windows 6.0.6002 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
    kernel: MBR read successfully
    user & kernel MBR OK
    copy of MBR has been found in sector 62 !
    copy of MBR has been found in sector 63 !

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    cval = 1 (0x1)
    FirewallDisableNotify = 0 (0x0)
    AntiVirusDisableNotify = 0 (0x0)
    UpdatesDisableNotify = 0 (0x0)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    End of scan : 19:42:31,49
    0
  14. Pnlop
     
    ¤¤¤¤¤¤¤¤¤¤ More informations ¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤ DLLs ¤¤¤¤¤¤¤¤¤¤

    ------------------------------------------------------------------------------
    explorer.exe pid: 2040
    Command line: C:\Windows\Explorer.EXE
    Base Size Version Path
    0x001b0000 0x2cd000 6.00.6002.18005 C:\Windows\Explorer.EXE
    0x77ad0000 0x127000 6.00.6002.18005 C:\Windows\system32\ntdll.dll
    0x765c0000 0xdc000 6.00.6002.18005 C:\Windows\system32\kernel32.dll
    0x76260000 0xc6000 6.00.6002.18005 C:\Windows\system32\ADVAPI32.dll
    0x76190000 0xc3000 6.00.6002.18024 C:\Windows\system32\RPCRT4.dll
    0x76420000 0x4b000 6.00.6002.18005 C:\Windows\system32\GDI32.dll
    0x76bf0000 0x9d000 6.00.6002.18005 C:\Windows\system32\USER32.dll
    0x76340000 0xaa000 7.00.6002.18005 C:\Windows\system32\msvcrt.dll
    0x76870000 0x59000 6.00.6002.18005 C:\Windows\system32\SHLWAPI.dll
    0x76fc0000 0xb10000 6.00.6002.18287 C:\Windows\system32\SHELL32.dll
    0x76470000 0x145000 6.00.6002.18277 C:\Windows\system32\ole32.dll
    0x76ae0000 0x8d000 6.00.6002.18005 C:\Windows\system32\OLEAUT32.dll
    0x72fd0000 0x108000 6.00.6002.18005 C:\Windows\system32\SHDOCVW.dll
    0x75080000 0x3f000 6.00.6001.18000 C:\Windows\system32\UxTheme.dll
    0x75500000 0x1a000 6.00.6002.18005 C:\Windows\system32\POWRPROF.dll
    0x73600000 0xc000 6.00.6001.18000 C:\Windows\system32\dwmapi.dll
    0x748d0000 0x1ab000 5.02.6002.18005 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
    0x75a70000 0x3a000 6.00.6002.18005 C:\Windows\system32\slc.dll
    0x74710000 0xbb000 7.00.6002.18005 C:\Windows\system32\PROPSYS.dll
    0x72e80000 0x146000 6.00.6002.18005 C:\Windows\system32\BROWSEUI.dll
    0x77c00000 0x1e000 6.00.6002.18005 C:\Windows\system32\IMM32.dll
    0x768d0000 0xc8000 6.00.6002.18005 C:\Windows\system32\MSCTF.dll
    0x75050000 0x30000 6.00.6001.18000 C:\Windows\system32\DUser.dll
    0x766d0000 0x9000 6.00.6002.18051 C:\Windows\system32\LPK.DLL
    0x77c20000 0x7d000 1.626.6002.18244 C:\Windows\system32\USP10.dll
    0x74e20000 0x19e000 6.10.6002.18305 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    0x74360000 0xf4000 7.00.6002.18107 C:\Windows\system32\WindowsCodecs.dll
    0x75fb0000 0x2c000 6.00.6002.18005 C:\Windows\system32\apphelp.dll
    0x77ca0000 0x84000 2001.12.6931.18000 C:\Windows\system32\CLBCatQ.DLL
    0x72bb0000 0x1f000 5.02.3790.1830 C:\Windows\system32\EhStorShell.dll
    0x72ba0000 0x6000 6.00.6000.16386 C:\Windows\system32\IconCodecService.dll
    0x76010000 0x14000 6.00.6002.18051 C:\Windows\system32\Secur32.dll
    0x75520000 0x3b000 6.00.6002.18005 C:\Windows\system32\rsaenh.dll
    0x726b0000 0xb2000 6.00.6002.18127 C:\Windows\system32\timedate.cpl
    0x74a90000 0x14000 3.05.2284.0002 C:\Windows\system32\ATL.DLL
    0x75d40000 0x76000 6.00.6002.18005 C:\Windows\system32\NETAPI32.dll
    0x76170000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
    0x74b60000 0x3d000 7.00.6002.18155 C:\Windows\system32\OLEACC.dll
    0x72490000 0x53000 6.00.6001.18000 C:\Windows\system32\ACTXPRXY.DLL
    0x76030000 0x1e000 6.00.6002.18005 C:\Windows\system32\USERENV.dll
    0x75610000 0xd7000 6.00.6000.16386 C:\Windows\system32\WINBRAND.dll
    0x75c30000 0x11000 6.00.6002.18005 C:\Windows\System32\SAMLIB.dll
    0x728c0000 0x3c000 7.00.6002.18255 C:\Windows\System32\msshsq.dll
    0x722f0000 0xc7000 6.00.6002.18005 C:\Windows\System32\NaturalLanguage6.dll
    0x75ab0000 0xf2000 6.00.6002.18005 C:\Windows\System32\CRYPT32.dll
    0x75c10000 0x12000 6.00.6002.18106 C:\Windows\System32\MSASN1.dll
    0x74c30000 0x1e8000 6.00.6002.18005 C:\Windows\system32\authui.dll
    0x75470000 0x5000 6.00.6000.16386 C:\Windows\system32\MSIMG32.dll
    0x72b00000 0x9000 6.00.6000.16386 C:\Windows\system32\LINKINFO.dll
    0x76c90000 0x133000 8.00.6001.18975 C:\Windows\system32\urlmon.dll
    0x76dd0000 0x1e8000 8.00.6001.18975 C:\Windows\system32\iertutil.dll
    0x71850000 0xa95000 8.00.6001.18975 C:\Windows\system32\ieframe.dll
    0x75480000 0x21000 6.00.6002.18005 C:\Windows\system32\NTMARTA.DLL
    0x769a0000 0x49000 6.00.6002.18005 C:\Windows\system32\WLDAP32.dll
    0x766a0000 0x2d000 6.00.6001.18000 C:\Windows\system32\WS2_32.dll
    0x76330000 0x6000 6.00.6001.18000 C:\Windows\system32\NSI.dll
    0x735f0000 0x7000 4.00.6000.16386 C:\Windows\system32\msiltcfg.dll
    0x75840000 0x8000 6.00.6002.18005 C:\Windows\system32\VERSION.dll
    0x71620000 0x227000 4.05.6002.18005 C:\Windows\system32\msi.dll
    0x769f0000 0xe6000 8.00.6001.18975 C:\Windows\system32\WININET.dll
    0x76180000 0x3000 6.00.6000.16386 C:\Windows\system32\Normaliz.dll
    0x74ba0000 0x32000 6.00.6002.18005 C:\Windows\system32\WINMM.dll
    0x740d0000 0x2f000 6.00.6002.18005 C:\Windows\system32\wdmaud.drv
    0x740c0000 0x4000 6.00.6000.16386 C:\Windows\system32\ksuser.dll
    0x74fc0000 0x28000 6.00.6002.18005 C:\Windows\system32\MMDevAPI.DLL
    0x74b00000 0x7000 6.00.6001.18000 C:\Windows\system32\AVRT.dll
    0x766e0000 0x18a000 6.00.6002.18005 C:\Windows\system32\SETUPAPI.dll
    0x72660000 0x4a000 6.00.6001.18000 C:\Windows\system32\ntshrui.dll
    0x73190000 0xb000 6.00.6002.18005 C:\Windows\system32\cscapi.dll
    0x75240000 0x2d000 6.00.6002.18169 C:\Windows\system32\WINTRUST.dll
    0x763f0000 0x29000 6.00.6001.18000 C:\Windows\system32\imagehlp.dll
    0x73180000 0x9000 6.00.6002.18005 C:\Windows\system32\ExplorerFrame.dll
    0x737b0000 0x21000 6.00.6002.18005 C:\Windows\system32\AUDIOSES.DLL
    0x73520000 0x66000 6.00.6001.18000 C:\Windows\system32\audioeng.dll
    0x73640000 0x9000 6.00.6002.18005 C:\Windows\system32\msacm32.drv
    0x73620000 0x14000 6.00.6001.18000 C:\Windows\system32\MSACM32.dll
    0x73610000 0x7000 6.00.6002.18005 C:\Windows\system32\midimap.dll
    0x75130000 0x30000 6.00.6001.18000 C:\Windows\system32\MLANG.dll
    0x6fef0000 0x92000 6.00.6002.18005 C:\Windows\system32\stobject.dll
    0x6fe30000 0xb6000 6.00.6000.16386 C:\Windows\system32\BatMeter.dll
    0x75450000 0xa000 6.00.6001.18000 C:\Windows\system32\WTSAPI32.dll
    0x75560000 0x25000 6.00.6001.18000 C:\Windows\system32\WINSTA.dll
    0x74460000 0x46000 2001.12.6932.18005 C:\Windows\system32\es.dll
    0x6fbd0000 0x30000 6.00.6000.16386 C:\Windows\System32\SndVolSSO.dll
    0x6fba0000 0x21000 6.00.6002.18005 C:\Windows\ehome\ehSSO.dll
    0x74a80000 0x9000 6.00.6000.16386 C:\Windows\system32\HID.DLL
    0x75390000 0x66000 6.00.6001.18000 C:\Windows\system32\FirewallAPI.dll
    0x6e670000 0x30b000 6.00.6002.18005 C:\Windows\System32\netshell.dll
    0x75a10000 0x19000 6.00.6002.18005 C:\Windows\System32\IPHLPAPI.DLL
    0x759d0000 0x35000 6.00.6002.18005 C:\Windows\System32\dhcpcsvc.DLL
    0x75c50000 0x2c000 6.00.6002.18005 C:\Windows\System32\DNSAPI.dll
    0x759c0000 0x7000 6.00.6001.18000 C:\Windows\System32\WINNSI.DLL
    0x75990000 0x22000 6.00.6002.18005 C:\Windows\System32\dhcpcsvc6.DLL
    0x74af0000 0xf000 6.00.6001.18000 C:\Windows\System32\nlaapi.dll
    0x6f3c0000 0x1bf000 6.00.6002.18005 C:\Windows\system32\pnidui.dll
    0x715b0000 0x17000 6.00.6001.18000 C:\Windows\system32\QUtil.dll
    0x75a30000 0x40000 6.00.6002.18005 C:\Windows\system32\wevtapi.dll
    0x74120000 0x6000 6.00.6000.16386 C:\Windows\system32\wlanutil.dll
    0x6f5e0000 0x8000 6.00.6000.16386 C:\Windows\System32\npmproxy.dll
    0x6d3e0000 0x12000 6.00.6002.18064 C:\Windows\system32\Wlanapi.dll
    0x73910000 0x17c000 6.00.6002.18005 C:\Windows\system32\OneX.DLL
    0x744e0000 0xe000 6.00.6001.18000 C:\Windows\system32\eappprxy.dll
    0x74130000 0x24000 6.00.6002.18005 C:\Windows\system32\eappcfg.dll
    0x758f0000 0x45000 6.00.6002.18005 C:\Windows\system32\bcrypt.dll
    0x6d3b0000 0xd000 6.00.6000.16386 C:\Windows\System32\AltTab.dll
    0x6d370000 0x19000 6.00.6002.18112 C:\Windows\system32\wpdshserviceobj.dll
    0x6d2e0000 0x2b000 6.00.6002.18112 C:\Windows\system32\PortableDeviceTypes.dll
    0x6f580000 0x56000 6.00.6002.18112 C:\Windows\system32\PortableDeviceApi.dll
    0x70e00000 0x5a000 6.00.6001.18000 C:\Windows\system32\taskschd.dll
    0x75100000 0x2f000 1.02.1009.0000 C:\Windows\system32\XmlLite.dll
    0x6ceb0000 0x4d000 7.00.6002.18005 C:\Windows\System32\srchadmin.dll
    0x6cf10000 0x3d000 8.00.6001.18702 C:\Windows\System32\webcheck.dll
    0x71130000 0x21c000 6.00.6002.18005 C:\Windows\System32\SyncCenter.dll
    0x6dd80000 0xb000 7.00.6002.18005 C:\Windows\system32\mssprxy.dll
    0x6cf90000 0x39000 6.00.6002.18005 C:\Windows\system32\wscntfy.dll
    0x72ad0000 0xb000 6.00.6002.18005 C:\Windows\system32\WSCAPI.dll
    0x6ce00000 0xa3000 6.00.6002.18005 C:\Windows\system32\bthprops.cpl
    0x71570000 0x2e000 6.00.6001.18000 C:\Windows\System32\QAgent.dll
    0x72de0000 0x96000 6.00.6002.18005 C:\Windows\System32\fwpuclnt.dll
    0x75f50000 0x5f000 6.00.6001.18000 C:\Windows\system32\SXS.DLL
    0x6c990000 0x23000 9.00.0044.43458 C:\Program Files\Videotron\Services de sécurité Vidéotron\MalwareContextMenuR.dll
    0x6c890000 0x73000 1.00.2498.0000 c:\PROGRA~1\MICROS~4\shellext.dll
    0x6c830000 0x2e000 6.00.6001.18000 C:\Windows\system32\syncui.dll
    0x6c870000 0x16000 6.00.6001.18000 C:\Windows\system32\SYNCENG.dll
    0x75bb0000 0x14000 6.00.6002.18005 C:\Windows\system32\MPR.dll
    0x6f760000 0x28c000 6.00.6001.18000 C:\Windows\System32\NLSData000c.dll
    0x6e980000 0x5f4000 6.00.6000.16386 C:\Windows\System32\NLSLexicons000c.dll
    0x70e90000 0x28000 6.00.6002.18005 C:\Windows\system32\FunDisc.dll
    0x74b20000 0xa000 6.00.6002.18005 C:\Windows\system32\fdproxy.dll
    0x70a80000 0x136000 8.100.5003.0000 C:\Windows\System32\msxml3.dll
    0x74ab0000 0x15000 6.00.6001.18000 C:\Windows\system32\Cabinet.dll

    ------------------------------------------------------------------------------
    winlogon.exe pid: 800
    Command line: winlogon.exe
    Base Size Version Path
    0x00710000 0x50000 6.00.6002.18005 C:\Windows\system32\winlogon.exe
    0x77ad0000 0x127000 6.00.6002.18005 C:\Windows\system32\ntdll.dll
    0x765c0000 0xdc000 6.00.6002.18005 C:\Windows\system32\kernel32.dll
    0x76260000 0xc6000 6.00.6002.18005 C:\Windows\system32\ADVAPI32.dll
    0x76190000 0xc3000 6.00.6002.18024 C:\Windows\system32\RPCRT4.dll
    0x76bf0000 0x9d000 6.00.6002.18005 C:\Windows\system32\USER32.dll
    0x76420000 0x4b000 6.00.6002.18005 C:\Windows\system32\GDI32.dll
    0x76340000 0xaa000 7.00.6002.18005 C:\Windows\system32\msvcrt.dll
    0x76010000 0x14000 6.00.6002.18051 C:\Windows\system32\Secur32.dll
    0x75560000 0x25000 6.00.6001.18000 C:\Windows\system32\WINSTA.dll
    0x76170000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
    0x76030000 0x1e000 6.00.6002.18005 C:\Windows\system32\USERENV.dll
    0x77c00000 0x1e000 6.00.6002.18005 C:\Windows\system32\IMM32.DLL
    0x768d0000 0xc8000 6.00.6002.18005 C:\Windows\system32\MSCTF.dll
    0x766d0000 0x9000 6.00.6002.18051 C:\Windows\system32\LPK.DLL
    0x77c20000 0x7d000 1.626.6002.18244 C:\Windows\system32\USP10.dll
    0x75fb0000 0x2c000 6.00.6002.18005 C:\Windows\system32\apphelp.dll
    0x75480000 0x21000 6.00.6002.18005 C:\Windows\system32\NTMARTA.DLL
    0x769a0000 0x49000 6.00.6002.18005 C:\Windows\system32\WLDAP32.dll
    0x766a0000 0x2d000 6.00.6001.18000 C:\Windows\system32\WS2_32.dll
    0x76330000 0x6000 6.00.6001.18000 C:\Windows\system32\NSI.dll
    0x75c30000 0x11000 6.00.6002.18005 C:\Windows\system32\SAMLIB.dll
    0x76470000 0x145000 6.00.6002.18277 C:\Windows\system32\ole32.dll
    0x745a0000 0x3e000 6.00.6002.18005 C:\Windows\system32\SHSVCS.dll
    0x75080000 0x3f000 6.00.6001.18000 C:\Windows\system32\uxtheme.dll
    0x75520000 0x3b000 6.00.6002.18005 C:\Windows\system32\rsaenh.dll
    0x74360000 0xf4000 7.00.6002.18107 C:\Windows\system32\WindowsCodecs.dll
    0x75d40000 0x76000 6.00.6002.18005 C:\Windows\system32\NETAPI32.dll
    0x75a70000 0x3a000 6.00.6002.18005 C:\Windows\system32\slc.dll
    0x75bb0000 0x14000 6.00.6002.18005 C:\Windows\system32\MPR.dll
    0x75ff0000 0x16000 6.00.6002.18005 C:\Windows\system32\AUTHZ.dll

    ------------------------------------------------------------------------------
    wininit.exe pid: 644
    Command line: wininit.exe
    Base Size Version Path
    0x00760000 0x1a000 6.00.6001.18000 C:\Windows\system32\wininit.exe
    0x77ad0000 0x127000 6.00.6002.18005 C:\Windows\system32\ntdll.dll
    0x765c0000 0xdc000 6.00.6002.18005 C:\Windows\system32\kernel32.dll
    0x76260000 0xc6000 6.00.6002.18005 C:\Windows\system32\ADVAPI32.dll
    0x76190000 0xc3000 6.00.6002.18024 C:\Windows\system32\RPCRT4.dll
    0x76bf0000 0x9d000 6.00.6002.18005 C:\Windows\system32\USER32.dll
    0x76420000 0x4b000 6.00.6002.18005 C:\Windows\system32\GDI32.dll
    0x76340000 0xaa000 7.00.6002.18005 C:\Windows\system32\msvcrt.dll
    0x76030000 0x1e000 6.00.6002.18005 C:\Windows\system32\USERENV.dll
    0x76010000 0x14000 6.00.6002.18051 C:\Windows\system32\Secur32.dll
    0x77c00000 0x1e000 6.00.6002.18005 C:\Windows\system32\IMM32.DLL
    0x768d0000 0xc8000 6.00.6002.18005 C:\Windows\system32\MSCTF.dll
    0x766d0000 0x9000 6.00.6002.18051 C:\Windows\system32\LPK.DLL
    0x77c20000 0x7d000 1.626.6002.18244 C:\Windows\system32\USP10.dll
    0x75fb0000 0x2c000 6.00.6002.18005 C:\Windows\system32\apphelp.dll
    0x766a0000 0x2d000 6.00.6001.18000 C:\Windows\system32\WS2_32.dll
    0x76330000 0x6000 6.00.6001.18000 C:\Windows\system32\NSI.dll
    0x757d0000 0x3b000 6.00.6002.18005 C:\Windows\system32\mswsock.dll
    0x75460000 0x5000 6.00.6001.18000 C:\Windows\System32\wshtcpip.dll
    0x75830000 0x5000 6.00.6001.18000 C:\Windows\System32\wship6.dll
    0x75ab0000 0xf2000 6.00.6002.18005 C:\Windows\system32\CRYPT32.dll
    0x75c10000 0x12000 6.00.6002.18106 C:\Windows\system32\MSASN1.dll
    0x758e0000 0x7000 6.00.6001.18000 C:\Windows\system32\credssp.dll
    0x755c0000 0x46000 6.00.6002.18290 C:\Windows\system32\schannel.dll
    0x75d40000 0x76000 6.00.6002.18005 C:\Windows\system32\NETAPI32.dll
    0x76170000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL

    ------------------------------------------------------------------------------
    svchost.exe pid: 916
    Command line: C:\Windows\system32\svchost.exe -k DcomLaunch
    Base Size Version Path
    0x00500000 0x8000 6.00.6001.18000 C:\Windows\system32\svchost.exe
    0x77ad0000 0x127000 6.00.6002.18005 C:\Windows\system32\ntdll.dll
    0x765c0000 0xdc000 6.00.6002.18005 C:\Windows\system32\kernel32.dll
    0x76340000 0xaa000 7.00.6002.18005 C:\Windows\system32\msvcrt.dll
    0x76260000 0xc6000 6.00.6002.18005 C:\Windows\system32\ADVAPI32.dll
    0x76190000 0xc3000 6.00.6002.18024 C:\Windows\system32\RPCRT4.dll
    0x75400000 0x39000 6.00.6002.18005 c:\windows\system32\umpnpmgr.dll
    0x76bf0000 0x9d000 6.00.6002.18005 C:\Windows\system32\USER32.dll
    0x76420000 0x4b000 6.00.6002.18005 C:\Windows\system32\GDI32.dll
    0x76030000 0x1e000 6.00.6002.18005 c:\windows\system32\USERENV.dll
    0x76010000 0x14000 6.00.6002.18051 c:\windows\system32\Secur32.dll
    0x77c00000 0x1e000 6.00.6002.18005 C:\Windows\system32\IMM32.DLL
    0x768d0000 0xc8000 6.00.6002.18005 C:\Windows\system32\MSCTF.dll
    0x766d0000 0x9000 6.00.6002.18051 C:\Windows\system32\LPK.DLL
    0x77c20000 0x7d000 1.626.6002.18244 C:\Windows\system32\USP10.dll
    0x75500000 0x1a000 6.00.6002.18005 C:\Windows\system32\POWRPROF.dll
    0x754e0000 0x15000 6.00.6002.18005 C:\Windows\system32\GPAPI.dll
    0x75a70000 0x3a000 6.00.6002.18005 C:\Windows\system32\slc.dll
    0x752e0000 0x8a000 6.00.6002.18005 c:\windows\system32\rpcss.dll
    0x766a0000 0x2d000 6.00.6001.18000 C:\Windows\system32\WS2_32.dll
    0x76330000 0x6000 6.00.6001.18000 C:\Windows\system32\NSI.dll
    0x75390000 0x66000 6.00.6001.18000 c:\windows\system32\FirewallAPI.dll
    0x76ae0000 0x8d000 6.00.6002.18005 C:\Windows\system32\OLEAUT32.dll
    0x76470000 0x145000 6.00.6002.18277 C:\Windows\system32\ole32.dll
    0x75840000 0x8000 6.00.6002.18005 c:\windows\system32\VERSION.dll
    0x75ab0000 0xf2000 6.00.6002.18005 C:\Windows\system32\CRYPT32.dll
    0x75c10000 0x12000 6.00.6002.18106 C:\Windows\system32\MSASN1.dll
    0x758e0000 0x7000 6.00.6001.18000 C:\Windows\system32\credssp.dll
    0x755c0000 0x46000 6.00.6002.18290 C:\Windows\system32\schannel.dll
    0x75d40000 0x76000 6.00.6002.18005 C:\Windows\system32\NETAPI32.dll
    0x76170000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
    0x766e0000 0x18a000 6.00.6002.18005 C:\Windows\system32\SETUPAPI.dll
    0x74ab0000 0x15000 6.00.6001.18000 C:\Windows\system32\Cabinet.dll
    0x75480000 0x21000 6.00.6002.18005 C:\Windows\system32\NTMARTA.DLL
    0x769a0000 0x49000 6.00.6002.18005 C:\Windows\system32\WLDAP32.dll
    0x75c30000 0x11000 6.00.6002.18005 C:\Windows\system32\SAMLIB.dll
    0x77ca0000 0x84000 2001.12.6931.18000 C:\Windows\system32\CLBCatQ.DLL
    0x75fb0000 0x2c000 6.00.6002.18005 C:\Windows\system32\apphelp.dll
    0x75560000 0x25000 6.00.6001.18000 C:\Windows\system32\WINSTA.dll
    0x75450000 0xa000 6.00.6001.18000 C:\Windows\system32\WTSAPI32.dll
    ------------------------------------------------------------------------------
    svchost.exe pid: 976
    Command line: C:\Windows\system32\svchost.exe -k rpcss
    Base Size Version Path
    0x00500000 0x8000 6.00.6001.18000 C:\Windows\system32\svchost.exe
    0x77ad0000 0x127000 6.00.6002.18005 C:\Windows\system32\ntdll.dll
    0x765c0000 0xdc000 6.00.6002.18005 C:\Windows\system32\kernel32.dll
    0x76340000 0xaa000 7.00.6002.18005 C:\Windows\system32\msvcrt.dll
    0x76260000 0xc6000 6.00.6002.18005 C:\Windows\system32\ADVAPI32.dll
    0x76190000 0xc3000 6.00.6002.18024 C:\Windows\system32\RPCRT4.dll
    0x752e0000 0x8a000 6.00.6002.18005 c:\windows\system32\rpcss.dll
    0x766a0000 0x2d000 6.00.6001.18000 C:\Windows\system32\WS2_32.dll
    0x76330000 0x6000 6.00.6001.18000 C:\Windows\system32\NSI.dll
    0x76010000 0x14000 6.00.6002.18051 c:\windows\system32\Secur32.dll
    0x75390000 0x66000 6.00.6001.18000 c:\windows\system32\FirewallAPI.dll
    0x76bf0000 0x9d000 6.00.6002.18005 C:\Windows\system32\USER32.dll
    0x76420000 0x4b000 6.00.6002.18005 C:\Windows\system32\GDI32.dll
    0x76ae0000 0x8d000 6.00.6002.18005 C:\Windows\system32\OLEAUT32.dll
    0x76470000 0x145000 6.00.6002.18277 C:\Windows\system32\ole32.dll
    0x75840000 0x8000 6.00.6002.18005 c:\windows\system32\VERSION.dll
    0x77c00000 0x1e000 6.00.6002.18005 C:\Windows\system32\IMM32.DLL
    0x768d0000 0xc8000 6.00.6002.18005 C:\Windows\system32\MSCTF.dll
    0x766d0000 0x9000 6.00.6002.18051 C:\Windows\system32\LPK.DLL
    0x77c20000 0x7d000 1.626.6002.18244 C:\Windows\system32\USP10.dll
    0x75ab0000 0xf2000 6.00.6002.18005 C:\Windows\system32\CRYPT32.dll
    0x75c10000 0x12000 6.00.6002.18106 C:\Windows\system32\MSASN1.dll
    0x76030000 0x1e000 6.00.6002.18005 C:\Windows\system32\USERENV.dll
    0x758e0000 0x7000 6.00.6001.18000 C:\Windows\system32\credssp.dll
    0x755c0000 0x46000 6.00.6002.18290 C:\Windows\system32\schannel.dll
    0x75d40000 0x76000 6.00.6002.18005 C:\Windows\system32\NETAPI32.dll
    0x76170000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
    0x75520000 0x3b000 6.00.6002.18005 C:\Windows\system32\rsaenh.dll
    0x757d0000 0x3b000 6.00.6002.18005 C:\Windows\system32\mswsock.dll
    0x75460000 0x5000 6.00.6001.18000 C:\Windows\System32\wshtcpip.dll
    0x75830000 0x5000 6.00.6001.18000 C:\Windows\System32\wship6.dll
    0x77ca0000 0x84000 2001.12.6931.18000 C:\Windows\system32\CLBCatQ.DLL
    0x72de0000 0x96000 6.00.6002.18005 C:\Windows\system32\fwpuclnt.dll
    ------------------------------------------------------------------------------
    svchost.exe pid: 1160
    Command line: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    Base Size Version Path
    0x00500000 0x8000 6.00.6001.18000 C:\Windows\System32\svchost.exe
    0x77ad0000 0x127000 6.00.6002.18005 C:\Windows\system32\ntdll.dll
    0x765c0000 0xdc000 6.00.6002.18005 C:\Windows\system32\kernel32.dll
    0x76340000 0xaa000 7.00.6002.18005 C:\Windows\system32\msvcrt.dll
    0x76260000 0xc6000 6.00.6002.18005 C:\Windows\system32\ADVAPI32.dll
    0x76190000 0xc3000 6.00.6002.18024 C:\Windows\system32\RPCRT4.dll
    0x747d0000 0xfc000 6.00.6002.18005 c:\windows\system32\wevtsvc.dll
    0x76030000 0x1e000 6.00.6002.18005 c:\windows\system32\USERENV.dll
    0x76010000 0x14000 6.00.6002.18051 c:\windows\system32\Secur32.dll
    0x76bf0000 0x9d000 6.00.6002.18005 C:\Windows\system32\USER32.dll
    0x76420000 0x4b000 6.00.6002.18005 C:\Windows\system32\GDI32.dll
    0x75840000 0x8000 6.00.6002.18005 c:\windows\system32\VERSION.dll
    0x754e0000 0x15000 6.00.6002.18005 c:\windows\system32\GPAPI.dll
    0x75a70000 0x3a000 6.00.6002.18005 c:\windows\system32\slc.dll
    0x77c00000 0x1e000 6.00.6002.18005 C:\Windows\system32\IMM32.DLL
    0x768d0000 0xc8000 6.00.6002.18005 C:\Windows\system32\MSCTF.dll
    0x766d0000 0x9000 6.00.6002.18051 C:\Windows\system32\LPK.DLL
    0x77c20000 0x7d000 1.626.6002.18244 C:\Windows\system32\USP10.dll
    0x75ab0000 0xf2000 6.00.6002.18005 C:\Windows\System32\CRYPT32.dll
    0x75c10000 0x12000 6.00.6002.18106 C:\Windows\System32\MSASN1.dll
    0x758e0000 0x7000 6.00.6001.18000 C:\Windows\System32\credssp.dll
    0x755c0000 0x46000 6.00.6002.18290 C:\Windows\system32\schannel.dll
    0x75d40000 0x76000 6.00.6002.18005 C:\Windows\System32\NETAPI32.dll
    0x76170000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
    0x766a0000 0x2d000 6.00.6001.18000 C:\Windows\system32\WS2_32.dll
    0x76330000 0x6000 6.00.6001.18000 C:\Windows\system32\NSI.dll
    0x757d0000 0x3b000 6.00.6002.18005 C:\Windows\system32\mswsock.dll
    0x75460000 0x5000 6.00.6001.18000 C:\Windows\System32\wshtcpip.dll
    0x75830000 0x5000 6.00.6001.18000 C:\Windows\System32\wship6.dll
    0x746b0000 0x51000 6.00.6002.18005 c:\windows\system32\audiosrv.dll
    0x76470000 0x145000 6.00.6002.18277 C:\Windows\system32\ole32.dll
    0x76ae0000 0x8d000 6.00.6002.18005 C:\Windows\system32\OLEAUT32.dll
    0x74fc0000 0x28000 6.00.6002.18005 c:\windows\system32\MMDevAPI.DLL
    0x76870000 0x59000 6.00.6002.18005 C:\Windows\system32\SHLWAPI.dll
    0x75450000 0xa000 6.00.6001.18000 c:\windows\system32\WTSAPI32.dll
    0x75560000 0x25000 6.00.6001.18000 c:\windows\system32\WINSTA.dll
    0x74e20000 0x19e000 6.10.6002.18305 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    0x77ca0000 0x84000 2001.12.6931.18000 C:\Windows\system32\CLBCatQ.DLL
    0x766e0000 0x18a000 6.00.6002.18005 C:\Windows\system32\SETUPAPI.dll
    0x75240000 0x2d000 6.00.6002.18169 C:\Windows\System32\WINTRUST.dll
    0x763f0000 0x29000 6.00.6001.18000 C:\Windows\system32\imagehlp.dll
    0x744f0000 0x8000 6.00.6000.16386 c:\windows\system32\lmhsvc.dll
    0x75a10000 0x19000 6.00.6002.18005 c:\windows\system32\IPHLPAPI.DLL
    0x759d0000 0x35000 6.00.6002.18005 c:\windows\system32\dhcpcsvc.DLL
    0x75c50000 0x2c000 6.00.6002.18005 c:\windows\system32\DNSAPI.dll
    0x759c0000 0x7000 6.00.6001.18000 c:\windows\system32\WINNSI.DLL
    0x75990000 0x22000 6.00.6002.18005 c:\windows\system32\dhcpcsvc6.DLL
    0x75520000 0x3b000 6.00.6002.18005 C:\Windows\System32\rsaenh.dll
    0x737b0000 0x21000 6.00.6002.18005 C:\Windows\System32\audioses.dll
    0x73520000 0x66000 6.00.6001.18000 C:\Windows\System32\audioeng.dll
    0x74b00000 0x7000 6.00.6001.18000 C:\Windows\System32\AVRT.dll
    0x6d270000 0x12000 6.00.6002.18005 c:\windows\system32\wscsvc.dll
    0x75390000 0x66000 6.00.6001.18000 c:\windows\system32\FirewallAPI.dll
    0x6e420000 0xdc000 6.00.6001.18000 c:\windows\system32\dbghelp.dll
    0x6fb40000 0xb000 6.00.6002.18005 C:\Windows\system32\wbem\wbemprox.dll
    0x6f5f0000 0x5b000 6.00.6001.18000 C:\Windows\system32\wbemcomn.dll
    0x6ef80000 0x10000 6.00.6002.18005 C:\Windows\system32\wbem\wbemsvc.dll
    0x6dc10000 0x99000 6.00.6002.18005 C:\Windows\system32\wbem\fastprox.dll
    0x75bf0000 0x18000 6.00.6001.18000 C:\Windows\system32\NTDSAPI.dll
    0x769a0000 0x49000 6.00.6002.18005 C:\Windows\system32\WLDAP32.dll
    0x75940000 0x35000 6.00.6002.18005 C:\Windows\System32\ncrypt.dll
    0x758f0000 0x45000 6.00.6002.18005 C:\Windows\System32\BCRYPT.dll
    0x6b330000 0x8e000 7.04.7600.0226 C:\Windows\system32\wuapi.dll
    0x74ab0000 0x15000 6.00.6001.18000 C:\Windows\system32\Cabinet.dll
    ------------------------------------------------------------------------------
    svchost.exe pid: 1240
    Command line: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    Base Size Version Path
    0x00500000 0x8000 6.00.6001.18000 C:\Windows\System32\svchost.exe
    0x77ad0000 0x127000 6.00.6002.18005 C:\Windows\system32\ntdll.dll
    0x765c0000 0xdc000 6.00.6002.18005 C:\Windows\system32\kernel32.dll
    0x76340000 0xaa000 7.00.6002.18005 C:\Windows\system32\msvcrt.dll
    0x76260000 0xc6000 6.00.6002.18005 C:\Windows\system32\ADVAPI32.dll
    0x76190000 0xc3000 6.00.6002.18024 C:\Windows\system32\RPCRT4.dll
    0x75480000 0x21000 6.00.6002.18005 C:\Windows\System32\NTMARTA.DLL
    0x76bf0000 0x9d000 6.00.6002.18005 C:\Windows\system32\USER32.dll
    0x76420000 0x4b000 6.00.6002.18005 C:\Windows\system32\GDI32.dll
    0x769a0000 0x49000 6.00.6002.18005 C:\Windows\system32\WLDAP32.dll
    0x766a0000 0x2d000 6.00.6001.18000 C:\Windows\system32\WS2_32.dll
    0x76330000 0x6000 6.00.6001.18000 C:\Windows\system32\NSI.dll
    0x76170000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
    0x75c30000 0x11000 6.00.6002.18005 C:\Windows\System32\SAMLIB.dll
    0x76470000 0x145000 6.00.6002.18277 C:\Windows\system32\ole32.dll
    0x77c00000 0x1e000 6.00.6002.18005 C:\Windows\system32\IMM32.DLL
    0x768d0000 0xc8000 6.00.6002.18005 C:\Windows\system32\MSCTF.dll
    0x766d0000 0x9000 6.00.6002.18051 C:\Windows\system32\LPK.DLL
    0x77c20000 0x7d000 1.626.6002.18244 C:\Windows\system32\USP10.dll
    0x746b0000 0x51000 6.00.6002.18005 c:\windows\system32\audiosrv.dll
    0x76ae0000 0x8d000 6.00.6002.18005 C:\Windows\system32\OLEAUT32.dll
    0x74fc0000 0x28000 6.00.6002.18005 c:\windows\system32\MMDevAPI.DLL
    0x76870000 0x59000 6.00.6002.18005 C:\Windows\system32\SHLWAPI.dll
    0x75450000 0xa000 6.00.6001.18000 c:\windows\system32\WTSAPI32.dll
    0x75560000 0x25000 6.00.6001.18000 c:\windows\system32\WINSTA.dll
    0x74e20000 0x19e000 6.10.6002.18305 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    0x77ca0000 0x84000 2001.12.6931.18000 C:\Windows\system32\CLBCatQ.DLL
    0x766e0000 0x18a000 6.00.6002.18005 C:\Windows\system32\SETUPAPI.dll
    0x75240000 0x2d000 6.00.6002.18169 C:\Windows\System32\WINTRUST.dll
    0x75ab0000 0xf2000 6.00.6002.18005 C:\Windows\System32\CRYPT32.dll
    0x75c10000 0x12000 6.00.6002.18106 C:\Windows\System32\MSASN1.dll
    0x76030000 0x1e000 6.00.6002.18005 C:\Windows\System32\USERENV.dll
    0x76010000 0x14000 6.00.6002.18051 C:\Windows\System32\Secur32.dll
    0x763f0000 0x29000 6.00.6001.18000 C:\Windows\system32\imagehlp.dll
    0x745f0000 0xb000 6.00.6002.18005 c:\windows\system32\uxsms.dll
    0x744c0000 0x13000 6.00.6000.16386 c:\windows\system32\tabsvc.dll
    0x74a80000 0x9000 6.00.6000.16386 c:\windows\system32\HID.DLL
    0x75a70000 0x3a000 6.00.6002.18005 c:\windows\system32\slc.dll
    0x745e0000 0x10000 6.00.6001.18000 c:\windows\system32\wudfsvc.dll
    0x74330000 0x30000 6.00.6001.18000 c:\windows\system32\WUDFPlatform.dll
    0x75840000 0x8000 6.00.6002.18005 c:\windows\system32\VERSION.dll
    0x75a30000 0x40000 6.00.6002.18005 c:\windows\system32\wevtapi.dll
    0x741c0000 0x82000 6.00.6002.18064 c:\windows\system32\wlansvc.dll
    0x75d40000 0x76000 6.00.6002.18005 c:\windows\system32\NETAPI32.dll
    0x76fc0000 0xb10000 6.00.6002.18287 C:\Windows\system32\SHELL32.dll
    0x74260000 0x4c000 6.00.6002.18064 c:\windows\system32\WLANMSM.DLL
    0x74160000 0x52000 6.00.6002.18064 c:\windows\system32\WLANSEC.dll
    0x73910000 0x17c000 6.00.6002.18005 c:\windows\system32\OneX.DLL
    0x744e0000 0xe000 6.00.6001.18000 c:\windows\system32\eappprxy.dll
    0x74130000 0x24000 6.00.6002.18005 c:\windows\system32\eappcfg.dll
    0x748d0000 0x1ab000 5.02.6002.18005 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
    0x75050000 0x30000 6.00.6001.18000 c:\windows\system32\DUser.dll
    0x75080000 0x3f000 6.00.6001.18000 c:\windows\system32\UxTheme.dll
    0x74b60000 0x3d000 7.00.6002.18155 c:\windows\system32\OLEACC.dll
    0x75ff0000 0x16000 6.00.6002.18005 c:\windows\system32\AUTHZ.dll
    0x759d0000 0x35000 6.00.6002.18005 c:\windows\system32\dhcpcsvc.DLL
    0x75c50000 0x2c000 6.00.6002.18005 c:\windows\system32\DNSAPI.dll
    0x759c0000 0x7000 6.00.6001.18000 c:\windows\system32\WINNSI.DLL
    0x742c0000 0x18000 6.00.6002.18005 c:\windows\system32\wlgpclnt.dll
    0x74250000 0x10000 6.00.6001.18000 c:\windows\system32\l2gpstore.dll
    0x74120000 0x6000 6.00.6000.16386 c:\windows\system32\wlanutil.dll
    0x75cb0000 0x7000 6.00.6000.16386 c:\windows\system32\SYSNTFY.dll
    0x75220000 0x1f000 6.00.6002.18005 c:\windows\system32\WinSCard.dll
    0x75a10000 0x19000 6.00.6002.18005 c:\windows\system32\IPHLPAPI.DLL
    0x75990000 0x22000 6.00.6002.18005 c:\windows\system32\dhcpcsvc6.DLL
    0x758f0000 0x45000 6.00.6002.18005 c:\windows\system32\bcrypt.dll
    0x73650000 0x15b000 6.20.5002.0000 C:\Windows\System32\msxml6.dll
    0x75520000 0x3b000 6.00.6002.18005 C:\Windows\System32\rsaenh.dll
    0x758e0000 0x7000 6.00.6001.18000 C:\Windows\System32\credssp.dll
    0x755c0000 0x46000 6.00.6002.18290 C:\Windows\system32\schannel.dll
    0x75850000 0x7e000 6.00.6002.18051 C:\Windows\system32\kerberos.dll
    0x75c90000 0x11000 6.00.6001.18000 C:\Windows\System32\cryptdll.dll
    0x76c90000 0x133000 8.00.6001.18975 C:\Windows\system32\urlmon.dll
    0x76dd0000 0x1e8000 8.00.6001.18975 C:\Windows\system32\iertutil.dll
    0x73590000 0x60000 6.00.6001.18000 C:\Windows\system32\netcfgx.dll
    0x74ab0000 0x15000 6.00.6001.18000 C:\Windows\System32\Cabinet.dll
    0x75fb0000 0x2c000 6.00.6002.18005 C:\Windows\system32\apphelp.dll
    0x71450000 0x8d000 6.00.6002.18005 c:\windows\system32\emdmgmt.dll
    0x71530000 0x39000 6.00.6002.18005 c:\windows\system32\WDSCORE.dll
    0x714f0000 0xd000 6.00.6001.18000 c:\windows\system32\pcasvc.dll
    0x70d60000 0x46000 6.00.6001.18000 c:\windows\system32\netman.dll
    0x70db0000 0x4a000 6.00.6002.18005 c:\windows\system32\RASAPI32.dll
    0x70d40000 0x14000 6.00.6001.18000 c:\windows\system32\rasman.dll
    0x70d00000 0x31000 6.00.6000.16386 c:\windows\system32\TAPI32.dll
    0x71500000 0xc000 6.00.6002.18274 c:\windows\system32\rtutils.dll
    0x74ba0000 0x32000 6.00.6002.18005 c:\windows\system32\WINMM.dll
    0x6e670000 0x30b000 6.00.6002.18005 C:\Windows\System32\netshell.dll
    0x74af0000 0xf000 6.00.6001.18000 C:\Windows\System32\nlaapi.dll
    0x6f6d0000 0x8a000 6.00.6002.18005 c:\windows\system32\sysmain.dll
    0x6fac0000 0x15000 6.00.6001.18000 c:\windows\system32\trkwks.dll
    0x6faa0000 0x17000 6.00.6002.18112 c:\windows\system32\wpdbusenum.dll
    0x754e0000 0x15000 6.00.6002.18005 C:\Windows\System32\GPAPI.dll
    0x6f580000 0x56000 6.00.6002.18112 C:\Windows\system32\PortableDeviceApi.dll
    0x6ded0000 0x12000 6.00.6002.18112 C:\Windows\System32\portabledeviceconnectapi.dll
    0x71510000 0x15000 6.00.6001.18000 c:\windows\system32\wdi.dll
    0x72ae0000 0xa000 6.00.6001.18000 C:\Windows\system32\pcadm.dll
    0x6d660000 0xce000 6.00.6002.18005 C:\Windows\System32\RASDLG.dll
    0x6dab0000 0x1a000 6.00.6002.18005 C:\Windows\System32\MPRAPI.dll
    0x75010000 0x35000 6.00.6001.18000 C:\Windows\System32\ACTIVEDS.dll
    0x74bf0000 0x33000 6.00.6002.18005 C:\Windows\System32\adsldpc.dll
    0x72460000 0x2e000 6.00.6002.18005 C:\Windows\System32\credui.dll
    0x74a90000 0x14000 3.05.2284.0002 C:\Windows\System32\ATL.DLL
    0x6de30000 0x4a000 6.00.6001.18000 C:\Windows\System32\hnetcfg.dll
    0x72820000 0x60000 6.00.6002.18096 C:\Windows\System32\WINHTTP.dll
    0x757d0000 0x3b000 6.00.6002.18005 C:\Windows\system32\mswsock.dll
    0x75460000 0x5000 6.00.6001.18000 C:\Windows\System32\wshtcpip.dll
    0x6c940000 0x33000 6.00.6001.18000 C:\Windows\system32\upnp.dll
    0x70bc0000 0xc000 6.00.6000.16386 C:\Windows\system32\SSDPAPI.dll
    0x75f50000 0x5f000 6.00.6001.18000 C:\Windows\System32\SXS.DLL
    0x6fb40000 0xb000 6.00.6002.18005 C:\Windows\system32\wbem\wbemprox.dll
    0x6f5f0000 0x5b000 6.00.6001.18000 C:\Windows\system32\wbemcomn.dll
    0x6ef80000 0x10000 6.00.6002.18005 C:\Windows\system32\wbem\wbemsvc.dll
    0x6dc10000 0x99000 6.00.6002.18005 C:\Windows\system32\wbem\fastprox.dll
    0x75bf0000 0x18000 6.00.6001.18000 C:\Windows\system32\NTDSAPI.dll
    0x75790000 0x38000 6.00.6002.18111 C:\Windows\system32\msv1_0.dll
    0x6c760000 0x15000 6.00.6000.16386 C:\Windows\system32\radardt.dll
    ------------------------------------------------------------------------------
    svchost.exe pid: 1264
    Command line: C:\Windows\system32\svchost.exe -k netsvcs
    Base Size Version Path
    0x00500000 0x8000 6.00.6001.18000 C:\Windows\system32\svchost.exe
    0x77ad0000 0x127000 6.00.6002.18005 C:\Windows\system32\ntdll.dll
    0x765c0000 0xdc000 6.00.6002.18005 C:\Windows\system32\kernel32.dll
    0x76340000 0xaa000 7.00.6002.18005 C:\Windows\system32\msvcrt.dll
    0x76260000 0xc6000 6.00.6002.18005 C:\Windows\system32\ADVAPI32.dll
    0x76190000 0xc3000 6.00.6002.18024 C:\Windows\system32\RPCRT4.dll
    0x75480000 0x21000 6.00.6002.18005 C:\Windows\system32\NTMARTA.DLL
    0x76bf0000 0x9d000 6.00.6002.18005 C:\Windows\system32\USER32.dll
    0x76420000 0x4b000 6.00.6002.18005 C:\Windows\system32\GDI32.dll
    0x769a0000 0x49000 6.00.6002.18005 C:\Windows\system32\WLDAP32.dll
    0x766a0000 0x2d000 6.00.6001.18000 C:\Windows\system32\WS2_32.dll
    0x76330000 0x6000 6.00.6001.18000 C:\Windows\system32\NSI.dll
    0x76170000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
    0x75c30000 0x11000 6.00.6002.18005 C:\Windows\system32\SAMLIB.dll
    0x76470000 0x145000 6.00.6002.18277 C:\Windows\system32\ole32.dll
    0x77c00000 0x1e000 6.00.6002.18005 C:\Windows\system32\IMM32.DLL
    0x768d0000 0xc8000 6.00.6002.18005 C:\Windows\system32\MSCTF.dll
    0x766d0000 0x9000 6.00.6002.18051 C:\Windows\system32\LPK.DLL
    0x77c20000 0x7d000 1.626.6002.18244 C:\Windows\system32\USP10.dll
    0x74ad0000 0x11000 6.00.6001.18000 c:\windows\system32\mmcss.dll
    0x74b00000 0x7000 6.00.6001.18000 c:\windows\system32\AVRT.dll
    0x74620000 0x29000 6.00.6002.18005 c:\windows\system32\profsvc.dll
    0x75cb0000 0x7000 6.00.6000.16386 c:\windows\system32\SYSNTFY.dll
    0x76030000 0x1e000 6.00.6002.18005 c:\windows\system32\USERENV.dll
    0x76010000 0x14000 6.00.6002.18051 c:\windows\system32\Secur32.dll
    0x74af0000 0xf000 6.00.6001.18000 c:\windows\system32\nlaapi.dll
    0x75a10000 0x19000 6.00.6002.18005 c:\windows\system32\IPHLPAPI.DLL
    0x759d0000 0x35000 6.00.6002.18005 c:\windows\system32\dhcpcsvc.DLL
    0x75c50000 0x2c000 6.00.6002.18005 c:\windows\system32\DNSAPI.dll
    0x759c0000 0x7000 6.00.6001.18000 c:\windows\system32\WINNSI.DLL
    0x75990000 0x22000 6.00.6002.18005 c:\windows\system32\dhcpcsvc6.DLL
    0x74a90000 0x14000 3.05.2284.0002 c:\windows\system32\ATL.DLL
    0x745a0000 0x3e000 6.00.6002.18005 c:\windows\system32\shsvcs.dll
    0x75560000 0x25000 6.00.6001.18000 C:\Windows\system32\WINSTA.dll
    0x75080000 0x3f000 6.00.6001.18000 C:\Windows\system32\UxTheme.dll
    0x75520000 0x3b000 6.00.6002.18005 C:\Windows\system32\rsaenh.dll
    0x74610000 0xe000 6.00.6001.18000 c:\windows\system32\sens.dll
    0x75450000 0xa000 6.00.6001.18000 c:\windows\system32\WTSAPI32.dll
    0x744b0000 0x10000 6.00.6001.18000 c:\windows\system32\eapsvc.dll
    0x742e0000 0x30000 6.00.6002.18005 C:\Windows\system32\eapphost.dll
    0x76ae0000 0x8d000 6.00.6002.18005 C:\Windows\system32\OLEAUT32.dll
    0x77ca0000 0x84000 2001.12.6931.18000 C:\Windows\system32\CLBCatQ.DLL
    0x742b0000 0xf000 6.00.6001.18000 C:\Windows\system32\umb.dll
    0x766e0000 0x18a000 6.00.6002.18005 C:\Windows\system32\SETUPAPI.dll
    0x75240000 0x2d000 6.00.6002.18169 C:\Windows\system32\WINTRUST.dll
    0x75ab0000 0xf2000 6.00.6002.18005 C:\Windows\system32\CRYPT32.dll
    0x75c10000 0x12000 6.00.6002.18106 C:\Windows\system32\MSASN1.dll
    0x763f0000 0x29000 6.00.6001.18000 C:\Windows\system32\imagehlp.dll
    0x73880000 0x85000 5.82.6002.18305 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll
    0x737e0000 0x94000 6.00.6002.18005 c:\windows\system32\schedsvc.dll
    0x76870000 0x59000 6.00.6002.18005 C:\Windows\system32\SHLWAPI.dll
    0x75a30000 0x40000 6.00.6002.18005 c:\windows\system32\wevtapi.dll
    0x75ff0000 0x16000 6.00.6002.18005 c:\windows\system32\AUTHZ.dll
    0x74110000 0x7000 6.00.6001.18000 c:\windows\system32\ktmw32.dll
    0x74e20000 0x19e000 6.10.6002.18305 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    0x758e0000 0x7000 6.00.6001.18000 C:\Windows\system32\credssp.dll
    0x755c0000 0x46000 6.00.6002.18290 C:\Windows\system32\schannel.dll
    0x75d40000 0x76000 6.00.6002.18005 C:\Windows\system32\NETAPI32.dll
    0x74070000 0x44000 6.00.6002.18005 C:\Windows\system32\taskcomp.dll
    0x75840000 0x8000 6.00.6002.18005 C:\Windows\system32\VERSION.dll
    0x757d0000 0x3b000 6.00.6002.18005 C:\Windows\system32\mswsock.dll
    0x75460000 0x5000 6.00.6001.18000 C:\Windows\System32\wshtcpip.dll
    0x75830000 0x5000 6.00.6001.18000 C:\Windows\System32\wship6.dll
    0x74100000 0xb000 6.00.6001.18000 C:\Windows\system32\wiarpc.dll
    0x74710000 0xbb000 7.00.6002.18005 C:\Windows\system32\PROPSYS.dll
    0x75f50000 0x5f000 6.00.6001.18000 C:\Windows\system32\SXS.DLL
    0x75fb0000 0x2c000 6.00.6002.18005 C:\Windows\system32\apphelp.dll
    0x732b0000 0x9000 6.00.6000.16386 C:\Windows\system32\tschannel.dll
    0x72630000 0x22000 6.00.6002.18306 c:\windows\system32\srvsvc.dll
    0x75a70000 0x3a000 6.00.6002.18005 c:\windows\system32\slc.dll
    0x75440000 0x6000 6.00.6000.16386 C:\Windows\system32\SSCORE.DLL
    0x75390000 0x66000 6.00.6001.18000 C:\Windows\system32\FirewallAPI.DLL
    0x750d0000 0x2e000 6.00.6001.18000 C:\Windows\system32\CLUSAPI.DLL
    0x75bf0000 0x18000 6.00.6001.18000 C:\Windows\system32\NTDSAPI.dll
    0x75c90000 0x11000 6.00.6001.18000 C:\Windows\system32\cryptdll.dll
    0x75010000 0x35000 6.00.6001.18000 C:\Windows\system32\ACTIVEDS.dll
    0x74bf0000 0x33000 6.00.6002.18005 C:\Windows\system32\adsldpc.dll
    0x72460000 0x2e000 6.00.6002.18005 C:\Windows\system32\credui.dll
    0x76fc0000 0xb10000 6.00.6002.18287 C:\Windows\system32\SHELL32.dll
    0x75370000 0x13000 6.00.6001.18000 C:\Windows\system32\RESUTILS.DLL
    0x74ff0000 0x9000 6.00.6000.16386 c:\windows\system32\aelupsvc.dll
    0x713e0000 0x6f000 6.00.6002.18005 c:\windows\system32\ikeext.dll
    0x72de0000 0x96000 6.00.6002.18005 c:\windows\system32\fwpuclnt.dll
    0x75940000 0x35000 6.00.6002.18005 C:\Windows\system32\ncrypt.dll
    0x758f0000 0x45000 6.00.6002.18005 C:\Windows\system32\BCRYPT.dll
    0x704a0000 0x8000 6.00.6001.18000 c:\windows\system32\seclogon.dll
    0x6f9f0000 0x2a000 6.00.6002.18005 c:\windows\system32\wbem\wmisvc.dll
    0x6f5f0000 0x5b000 6.00.6001.18000 C:\Windows\system32\wbemcomn.dll
    0x6efb0000 0x43000 6.00.6002.18005 c:\windows\system32\rasmans.dll
    0x71500000 0xc000 6.00.6002.18274 c:\windows\system32\rtutils.dll
    0x6f030000 0x14000 6.00.6002.18005 C:\Windows\system32\rastapi.dll
    0x70d00000 0x31000 6.00.6000.16386 C:\Windows\system32\TAPI32.dll
    0x74ba0000 0x32000 6.00.6002.18005 C:\Windows\system32\WINMM.dll
    0x74b60000 0x3d000 7.00.6002.18155 C:\Windows\system32\OLEACC.dll
    0x6e310000 0x34000 6.00.6002.18209 c:\windows\system32\iphlpsvc.dll
    0x6f000000 0x23000 6.00.6001.18000 c:\windows\system32\sqmapi.dll
    0x74ab0000 0x15000 6.00.6001.18000 C:\Windows\system32\Cabinet.dll
    0x6de30000 0x4a000 6.00.6001.18000 C:\Windows\system32\hnetcfg.dll
    0x754e0000 0x15000 6.00.6002.18005 C:\Windows\system32\GPAPI.dll
    0x72820000 0x60000 6.00.6002.18096 C:\Windows\system32\WINHTTP.dll
    0x70f50000 0x10b000 6.00.6002.18005 C:\Windows\system32\VSSAPI.DLL
    0x74b40000 0x14000 6.00.6001.18000 C:\Windows\system32\vsstrace.dll
    0x75100000 0x2f000 1.02.1009.0000 C:\Windows\system32\XmlLite.dll
    0x75bb0000 0x14000 6.00.6002.18005 C:\Windows\system32\MPR.dll
    0x6dcb0000 0xb9000 6.00.6002.18005 C:\Windows\system32\wbem\wbemcore.dll
    0x6dde0000 0x43000 6.00.6002.18005 C:\Windows\system32\wbem\esscli.dll
    0x6dc10000 0x99000 6.00.6002.18005 C:\Windows\system32\wbem\FastProx.dll
    0x6ef80000 0x10000 6.00.6002.18005 C:\Windows\system32\wbem\wbemsvc.dll
    0x6dda0000 0x17000 6.00.6002.18005 C:\Windows\system32\wbem\wmiutils.dll
    0x6db70000 0x44000 6.00.6002.18005 C:\Windows\system32\wbem\repdrvfs.dll
    0x6dad0000 0x43000 6.00.6002.18005 C:\Windows\system32\rasppp.dll
    0x6dab0000 0x1a000 6.00.6002.18005 C:\Windows\system32\MPRAPI.dll
    0x70db0000 0x4a000 6.00.6002.18005 C:\Windows\system32\RASAPI32.dll
    0x70d40000 0x14000 6.00.6001.18000 C:\Windows\system32\rasman.dll
    0x75850000 0x7e000 6.00.6002.18051 C:\Windows\system32\kerberos.dll
    0x6da90000 0x14000 6.00.6001.18000 C:\Windows\system32\RASQEC.DLL
    0x715b0000 0x17000 6.00.6001.18000 C:\Windows\system32\QUtil.dll
    0x6d860000 0x47000 6.00.6002.18005 C:\Windows\System32\raschap.dll
    0x6da10000 0x3e000 6.00.6002.18116 C:\Windows\System32\rastls.dll
    0x6d770000 0xf0000 6.00.6002.18005 C:\Windows\system32\CRYPTUI.dll
    0x75470000 0x5000 6.00.6000.16386 C:\Windows\system32\MSIMG32.dll
    0x75220000 0x1f000 6.00.6002.18005 C:\Windows\system32\WinSCard.dll
    0x6d5d0000 0x7d000 6.00.6002.18005 C:\Windows\system32\wbem\wmiprvsd.dll
    0x75fe0000 0xf000 6.00.6001.18000 C:\Windows\system32\NCObjAPI.DLL
    0x6d570000 0x57000 6.00.6002.18005 C:\Windows\system32\wbem\wbemess.dll
    0x75790000 0x38000 6.00.6002.18111 C:\Windows\system32\msv1_0.dll
    0x6c810000 0xb000 6.00.6001.18000 c:\windows\system32\appinfo.dll
    0x6c7e0000 0x10000 6.00.6002.18005 C:\Windows\system32\wbem\ncprov.dll
    0x6afa0000 0x1bf000 7.00.6002.18005 c:\windows\system32\qmgr.dll
    0x6fc30000 0x5000 6.00.6000.16386 c:\windows\system32\SHFOLDER.dll
    0x6d750000 0x8000 7.00.6000.16386 c:\windows\system32\bitsperf.dll
    0x6d760000 0xb000 7.00.6002.18005 C:\Windows\system32\bitsigd.dll
    0x6c940000 0x33000 6.00.6001.18000 C:\Windows\system32\upnp.dll
    0x70bc0000 0xc000 6.00.6000.16386 C:\Windows\system32\SSDPAPI.dll
    0x6a540000 0x1d9000 7.04.7600.0226 c:\windows\system32\wuaueng.dll
    0x6d400000 0x168000 6.00.6002.18005 c:\windows\system32\ESENT.dll
    0x715d0000 0x42000 6.00.6002.18087 c:\windows\system32\WINSPOOL.DRV
    0x6d740000 0xc000 6.00.6001.18000 c:\windows\system32\mspatcha.dll
    0x75c80000 0x6000 6.00.6000.16386 C:\Windows\system32\WMsgAPI.dll
    0x6f1e0000 0xd9000 6.00.6002.18005 C:\Windows\system32\wer.dll
    0x70bd0000 0x6000 6.00.6000.16386 C:\Windows\system32\SensApi.dll
    0x70a80000 0x136000 8.100.5003.0000 C:\Windows\System32\msxml3.dll
    0x70020000 0xf000 6.00.6001.18000 C:\Windows\system32\napinsp.dll
    0x6fc60000 0x12000 6.00.6001.18000 C:\Windows\system32\pnrpnsp.dll
    0x70010000 0x8000 6.00.6002.18005 C:\Windows\System32\winrnr.dll
    0x6fc00000 0x25000 2.00.0002.0000 C:\Program Files\Bonjour\mdnsNSP.dll
    0x73170000 0x6000 6.00.6000.16386 C:\Windows\system32\rasadhlp.dll
    0x6da60000 0x26000 6.00.6001.18000 C:\Windows\system32\dssenh.dll
    0x6c510000 0x2e000 8.00.6001.18702 C:\Windows\system32\advpack.dll
    0x71620000 0x227000 4.05.6002.18005 C:\Windows\system32\msi.dll
    0x74460000 0x46000 2001.12.6932.18005 C:\Windows\System32\ES.DLL
    0x74050000 0xa000 7.04.7600.0226 C:\Windows\System32\wups.dll
    0x76c90000 0x133000 8.00.6001.18975 C:\Windows\system32\urlmon.dll
    0x76dd0000 0x1e8000 8.00.6001.18975 C:\Windows\system32\iertutil.dll
    0x769f0000 0xe6000 8.00.6001.18975 C:\Windows\system32\WININET.dll
    0x76180000 0x3000 6.00.6000.16386 C:\Windows\system32\Normaliz.dll
    0x73f00000 0x16000 6.00.6001.18000 c:\windows\system32\browser.dll
    ------------------------------------------------------------------------------
    svchost.exe pid: 1392
    Command line: C:\Windows\system32\svchost.exe -k GPSvcGroup
    Base Size Version Path
    0x00500000 0x8000 6.00.6001.18000 C:\Windows\system32\svchost.exe
    0x77ad0000 0x127000 6.00.6002.18005 C:\Windows\system32\ntdll.dll
    0x765c0000 0xdc000 6.00.6002.18005 C:\Windows\system32\kernel32.dll
    0x76340000 0xaa000 7.00.6002.18005 C:\Windows\system32\msvcrt.dll
    0x76260000 0xc6000 6.00.6002.18005 C:\Windows\system32\ADVAPI32.dll
    0x76190000 0xc3000 6.00.6002.18024 C:\Windows\system32\RPCRT4.dll
    0x75480000 0x21000 6.00.6002.18005 C:\Windows\system32\NTMARTA.DLL
    0x76bf0000 0x9d000 6.00.6002.18005 C:\Windows\system32\USER32.dll
    0x76420000 0x4b000 6.00.6002.18005 C:\Windows\system32\GDI32.dll
    0x769a0000 0x49000 6.00.6002.18005 C:\Windows\system32\WLDAP32.dll
    0x766a0000 0x2d000 6.00.6001.18000 C:\Windows\system32\WS2_32.dll
    0x76330000 0x6000 6.00.6001.18000 C:\Windows\system32\NSI.dll
    0x76170000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
    0x75c30000 0x11000 6.00.6002.18005 C:\Windows\system32\SAMLIB.dll
    0x76470000 0x145000 6.00.6002.18277 C:\Windows\system32\ole32.dll
    0x77c00000 0x1e000 6.00.6002.18005 C:\Windows\system32\IMM32.DLL
    0x768d0000 0xc8000 6.00.6002.18005 C:\Windows\system32\MSCTF.dll
    0x766d0000 0x9000 6.00.6002.18051 C:\Windows\system32\LPK.DLL
    0x77c20000 0x7d000 1.626.6002.18244 C:\Windows\system32\USP10.dll
    0x74500000 0x8f000 6.00.6002.18005 c:\windows\system32\gpsvc.dll
    0x76010000 0x14000 6.00.6002.18051 c:\windows\system32\Secur32.dll
    0x75d40000 0x76000 6.00.6002.18005 c:\windows\system32\NETAPI32.dll
    0x75bf0000 0x18000 6.00.6001.18000 c:\windows\system32\NTDSAPI.dll
    0x75c50000 0x2c000 6.00.6002.18005 c:\windows\system32\DNSAPI.dll
    0x75450000 0xa000 6.00.6001.18000 c:\windows\system32\WTSAPI32.dll
    0x76ae0000 0x8d000 6.00.6002.18005 C:\Windows\system32\OLEAUT32.dll
    0x76030000 0x1e000 6.00.6002.18005 c:\windows\system32\USERENV.dll
    0x754e0000 0x15000 6.00.6002.18005 c:\windows\system32\GPAPI.dll
    0x75a70000 0x3a000 6.00.6002.18005 c:\windows\system32\slc.dll
    0x75ff0000 0x16000 6.00.6002.18005 c:\windows\system32\AUTHZ.dll
    0x75cb0000 0x7000 6.00.6000.16386 c:\windows\system32\SYSNTFY.dll
    0x75560000 0x25000 6.00.6001.18000 c:\windows\system32\WINSTA.dll
    0x74af0000 0xf000 6.00.6001.18000 c:\windows\system32\nlaapi.dll
    0x75a10000 0x19000 6.00.6002.18005 c:\windows\system32\IPHLPAPI.DLL
    0x759d0000 0x35000 6.00.6002.18005 c:\windows\system32\dhcpcsvc.DLL
    0x759c0000 0x7000 6.00.6001.18000 c:\windows\system32\WINNSI.DLL
    0x75990000 0x22000 6.00.6002.18005 c:\windows\system32\dhcpcsvc6.DLL
    ------------------------------------------------------------------------------
    svchost.exe pid: 1436
    Command line: C:\Windows\system32\svchost.exe -k LocalService
    Base Size Version Path
    0x00500000 0x8000 6.00.6001.18000 C:\Windows\system32\svchost.exe
    0x77ad0000 0x127000 6.00.6002.18005 C:\Windows\system32\ntdll.dll
    0x765c0000 0xdc000 6.00.6002.18005 C:\Windows\system32\kernel32.dll
    0x76340000 0xaa000 7.00.6002.18005 C:\Windows\system32\msvcrt.dll
    0x76260000 0xc6000 6.00.6002.18005 C:\Windows\system32\ADVAPI32.dll
    0x76190000 0xc3000 6.00.6002.18024 C:\Windows\system32\RPCRT4.dll
    0x75480000 0x21000 6.00.6002.18005 C:\Windows\system32\NTMARTA.DLL
    0x76bf0000 0x9d000 6.00.6002.18005 C:\Windows\system32\USER32.dll
    0x76420000 0x4b000 6.00.6002.18005 C:\Windows\system32\GDI32.dll
    0x769a0000 0x49000 6.00.6002.18005 C:\Windows\system32\WLDAP32.dll
    0x766a0000 0x2d000 6.00.6001.18000 C:\Windows\system32\WS2_32.dll
    0x76330000 0x6000 6.00.6001.18000 C:\Windows\system32\NSI.dll
    0x76170000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
    0x75c30000 0x11000 6.00.6002.18005 C:\Windows\system32\SAMLIB.dll
    0x76470000 0x145000 6.00.6002.18277 C:\Windows\system32\ole32.dll
    0x77c00000 0x1e000 6.00.6002.18005 C:\Windows\system32\IMM32.DLL
    0x768d0000 0xc8000 6.00.6002.18005 C:\Windows\system32\MSCTF.dll
    0x766d0000 0x9000 6.00.6002.18051 C:\Windows\system32\LPK.DLL
    0x77c20000 0x7d000 1.626.6002.18244 C:\Windows\system32\USP10.dll
    0x74460000 0x46000 2001.12.6932.18005 c:\windows\system32\es.dll
    0x76ae0000 0x8d000 6.00.6002.18005 C:\Windows\system32\OLEAUT32.dll
    0x74710000 0xbb000 7.00.6002.18005 c:\windows\system32\PROPSYS.dll
    0x75520000 0x3b000 6.00.6002.18005 C:\Windows\system32\rsaenh.dll
    0x77ca0000 0x84000 2001.12.6931.18000 C:\Windows\system32\CLBCatQ.DLL
    0x74590000 0x8000 6.00.6001.18000 c:\windows\system32\nsisvc.dll
    0x76010000 0x14000 6.00.6002.18051 C:\Windows\system32\secur32.dll
    0x75ab0000 0xf2000 6.00.6002.18005 C:\Windows\system32\CRYPT32.dll
    0x75c10000 0x12000 6.00.6002.18106 C:\Windows\system32\MSASN1.dll
    0x76030000 0x1e000 6.00.6002.18005 C:\Windows\system32\USERENV.dll
    0x758e0000 0x7000 6.00.6001.18000 C:\Windows\system32\credssp.dll
    0x755c0000 0x46000 6.00.6002.18290 C:\Windows\system32\schannel.dll
    0x75d40000 0x76000 6.00.6002.18005 C:\Windows\system32\NETAPI32.dll
    0x72880000 0x34000 6.00.6002.18005 c:\windows\system32\webclnt.dll
    0x72820000 0x60000 6.00.6002.18096 c:\windows\system32\WINHTTP.dll
    0x76870000 0x59000 6.00.6002.18005 C:\Windows\system32\SHLWAPI.dll
    0x76c90000 0x133000 8.00.6001.18975 C:\Windows\system32\urlmon.dll
    0x76dd0000 0x1e8000 8.00.6001.18975 C:\Windows\system32\iertutil.dll
    0x74e20000 0x19e000 6.10.6002.18305 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    0x76fc0000 0xb10000 6.00.6002.18287 C:\Windows\system32\shell32.dll
    0x769f0000 0xe6000 8.00.6001.18975 C:\Windows\system32\WinInet.dll
    0x76180000 0x3000 6.00.6000.16386 C:\Windows\system32\Normaliz.dll
    0x72770000 0x2a000 6.00.6002.18049 c:\windows\system32\wkssvc.dll
    0x75a10000 0x19000 6.00.6002.18005 c:\windows\system32\IPHLPAPI.DLL
    0x759d0000 0x35000 6.00.6002.18005 c:\windows\system32\dhcpcsvc.DLL
    0x75c50000 0x2c000 6.00.6002.18005 c:\windows\system32\DNSAPI.dll
    0x759c0000 0x7000 6.00.6001.18000 c:\windows\system32\WINNSI.DLL
    0x75990000 0x22000 6.00.6002.18005 c:\windows\system32\dhcpcsvc6.DLL
    0x75bf0000 0x18000 6.00.6001.18000 c:\windows\system32\NTDSAPI.dll
    0x75610000 0xd7000 6.00.6000.16386 c:\windows\system32\WINBRAND.dll
    0x715a0000 0x9000 6.00.6000.16386 c:\windows\system32\fdrespub.dll
    0x70ec0000 0x59000 6.00.6002.18085 c:\windows\system32\wsdapi.dll
    0x72810000 0xb000 6.00.6002.18210 c:\windows\system32\HTTPAPI.dll
    0x75240000 0x2d000 6.00.6002.18169 c:\windows\system32\WINTRUST.dll
    0x763f0000 0x29000 6.00.6001.18000 C:\Windows\system32\imagehlp.dll
    0x75100000 0x2f000 1.02.1009.0000 c:\windows\system32\XmlLite.dll
    0x75390000 0x66000 6.00.6001.18000 c:\windows\system32\FirewallAPI.dll
    0x75840000 0x8000 6.00.6002.18005 c:\windows\system32\VERSION.dll
    0x70e90000 0x28000 6.00.6002.18005 C:\Windows\system32\FunDisc.dll
    0x74a90000 0x14000 3.05.2284.0002 C:\Windows\system32\ATL.DLL
    0x766e0000 0x18a000 6.00.6002.18005 C:\Windows\system32\SETUPAPI.dll
    0x757d0000 0x3b000 6.00.6002.18005 C:\Windows\system32\mswsock.dll
    0x75460000 0x5000 6.00.6001.18000 C:\Windows\System32\wshtcpip.dll
    0x75830000 0x5000 6.00.6001.18000 C:\Windows\System32\wship6.dll
    0x70a80000 0x136000 8.100.5003.0000 C:\Windows\System32\msxml3.dll
    0x75f50000 0x5f000 6.00.6001.18000 C:\Windows\system32\SXS.DLL
    0x6ffa0000 0x25000 6.00.6001.18000 c:\windows\system32\sstpsvc.dll
    0x71500000 0xc000 6.00.6002.18274 c:\windows\system32\rtutils.dll
    0x6f680000 0x48000 6.00.6002.18005 c:\windows\system32\w32time.dll
    0x75c90000 0x11000 6.00.6001.18000 c:\windows\system32\cryptdll.dll
    0x754e0000 0x15000 6.00.6002.18005 C:\Windows\system32\GPAPI.dll
    0x75a70000 0x3a000 6.00.6002.18005 C:\Windows\system32\slc.dll
    0x6e3e0000 0x3c000 6.00.6001.18000 c:\windows\system32\netprofm.dll
    0x74af0000 0xf000 6.00.6001.18000 c:\windows\system32\nlaapi.dll
    0x6f5e0000 0x8000 6.00.6000.16386 C:\Windows\System32\npmproxy.dll
    0x70020000 0xf000 6.00.6001.18000 C:\Windows\system32\napinsp.dll
    0x6fc60000 0x12000 6.00.6001.18000 C:\Windows\system32\pnrpnsp.dll
    0x70010000 0x8000 6.00.6002.18005 C:\Windows\System32\winrnr.dll
    0x6fc00000 0x25000 2.00.0002.0000 C:\Program Files\Bonjour\mdnsNSP.dll
    0x73170000 0x6000 6.00.6000.16386 C:\Windows\system32\rasadhlp.dll
    0x6c910000 0x28000 6.00.6001.18000 c:\windows\system32\ssdpsrv.dll
    0x74040000 0x6000 6.00.6001.18000 c:\windows\system32\fdphost.dll
    0x73b60000 0x12000 6.00.6002.18005 C:\Windows\system32\fdwsd.dll
    0x75130000 0x30000 6.00.6001.18000 C:\Windows\system32\MLANG.dll
    0x73b40000 0x12000 6.00.6002.18005 C:\Windows\system32\fdssdp.dll
    0x70bc0000 0xc000 6.00.6000.16386 C:\Windows\system32\SSDPAPI.dll
    0x74b20000 0xa000 6.00.6002.18005 C:\Windows\system32\fdproxy.dll
    ------------------------------------------------------------------------------
    svchost.exe pid: 1656
    Command line: C:\Windows\system32\svchost.exe -k NetworkService
    Base Size Version Path
    0x00500000 0x8000 6.00.6001.18000 C:\Windows\system32\svchost.exe
    0x77ad0000 0x127000 6.00.6002.18005 C:\Windows\system32\ntdll.dll
    0x765c0000 0xdc000 6.00.6002.18005 C:\Windows\system32\kernel32.dll
    0x76340000 0xaa000 7.00.6002.18005 C:\Windows\system32\msvcrt.dll
    0x76260000 0xc6000 6.00.6002.18005 C:\Windows\system32\ADVAPI32.dll
    0x76190000 0xc3000 6.00.6002.18024 C:\Windows\system32\RPCRT4.dll
    0x75480000 0x21000 6.00.6002.18005 C:\Windows\system32\NTMARTA.DLL
    0x76bf0000 0x9d000 6.00.6002.18005 C:\Windows\system32\USER32.dll
    0x76420000 0x4b000 6.00.6002.18005 C:\Windows\system32\GDI32.dll
    0x769a0000 0x49000 6.00.6002.18005 C:\Windows\system32\WLDAP32.dll
    0x766a0000 0x2d000 6.00.6001.18000 C:\Windows\system32\WS2_32.dll
    0x76330000 0x6000 6.00.6001.18000 C:\Windows\system32\NSI.dll
    0x76170000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
    0x75c30000 0x11000 6.00.6002.18005 C:\Windows\system32\SAMLIB.dll
    0x76470000 0x145000 6.00.6002.18277 C:\Windows\system32\ole32.dll
    0x77c00000 0x1e000 6.00.6002.18005 C:\Windows\system32\IMM32.DLL
    0x768d0000 0xc8000 6.00.6002.18005 C:\Windows\system32\MSCTF.dll
    0x766d0000 0x9000 6.00.6002.18051 C:\Windows\system32\LPK.DLL
    0x77c20000 0x7d000 1.626.6002.18244 C:\Windows\system32\USP10.dll
    0x74310000 0x18000 6.00.6002.18005 c:\windows\system32\dnsrslvr.dll
    0x75c50000 0x2c000 6.00.6002.18005 c:\windows\system32\DNSAPI.dll
    0x759d0000 0x35000 6.00.6002.18005 c:\windows\system32\dhcpcsvc.DLL
    0x76010000 0x14000 6.00.6002.18051 c:\windows\system32\Secur32.dll
    0x759c0000 0x7000 6.00.6001.18000 c:\windows\system32\WINNSI.DLL
    0x75990000 0x22000 6.00.6002.18005 c:\windows\system32\dhcpcsvc6.DLL
    0x75a10000 0x19000 6.00.6002.18005 c:\windows\system32\IPHLPAPI.DLL
    0x757d0000 0x3b000 6.00.6002.18005 C:\Windows\system32\mswsock.dll
    0x75830000 0x5000 6.00.6001.18000 C:\Windows\System32\wship6.dll
    0x75460000 0x5000 6.00.6001.18000 C:\Windows\System32\wshtcpip.dll
    0x71060000 0x22000 6.00.6002.18005 c:\windows\system32\cryptsvc.dll
    0x76ae0000 0x8d000 6.00.6002.18005 C:\Windows\system32\OLEAUT32.dll
    0x70f50000 0x10b000 6.00.6002.18005 c:\windows\system32\VSSAPI.DLL
    0x74a90000 0x14000 3.05.2284.0002 c:\windows\system32\ATL.DLL
    0x74b40000 0x14000 6.00.6001.18000 c:\windows\system32\vsstrace.dll
    0x75ff0000 0x16000 6.00.6002.18005 c:\windows\system32\AUTHZ.dll
    0x75100000 0x2f000 1.02.1009.0000 c:\windows\system32\XmlLite.dll
    0x75d40000 0x76000 6.00.6002.18005 c:\windows\system32\NETAPI32.dll
    0x75bb0000 0x14000 6.00.6002.18005 c:\windows\system32\MPR.dll
    0x766e0000 0x18a000 6.00.6002.18005 C:\Windows\system32\SETUPAPI.dll
    0x75ab0000 0xf2000 6.00.6002.18005 c:\windows\system32\CRYPT32.dll
    0x75c10000 0x12000 6.00.6002.18106 c:\windows\system32\MSASN1.dll
    0x76030000 0x1e000 6.00.6002.18005 c:\windows\system32\USERENV.dll
    0x70e60000 0x2b000 6.00.6001.18000 c:\windows\system32\nlasvc.dll
    0x75a30000 0x40000 6.00.6002.18005 c:\windows\system32\wevtapi.dll
    0x70be0000 0x1a000 6.00.6001.18000 c:\windows\system32\ncsi.dll
    0x72820000 0x60000 6.00.6002.18096 c:\windows\system32\WINHTTP.dll
    0x76870000 0x59000 6.00.6002.18005 C:\Windows\system32\SHLWAPI.dll
    0x75450000 0xa000 6.00.6001.18000 c:\windows\system32\WTSAPI32.dll
    0x758f0000 0x45000 6.00.6002.18005 c:\windows\system32\bcrypt.dll
    0x70ca0000 0x8000 6.00.6001.18000 c:\windows\system32\CFGMGR32.dll
    0x74e20000 0x19e000 6.10.6002.18305 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    0x75520000 0x3b000 6.00.6002.18005 C:\Windows\system32\rsaenh.dll
    0x758e0000 0x7000 6.00.6001.18000 C:\Windows\system32\credssp.dll
    0x755c0000 0x46000 6.00.6002.18290 C:\Windows\system32\schannel.dll
    0x70bc0000 0xc000 6.00.6000.16386 C:\Windows\system32\ssdpapi.dll
    0x77ca0000 0x84000 2001.12.6931.18000 C:\Windows\system32\CLBCatQ.DLL
    0x74460000 0x46000 2001.12.6932.18005 C:\Windows\system32\es.dll
    0x74710000 0xbb000 7.00.6002.18005 C:\Windows\system32\PROPSYS.dll
    0x75560000 0x25000 6.00.6001.18000 C:\Windows\system32\WINSTA.dll
    0x6fa60000 0x3d000 6.00.6002.18005 c:\windows\system32\tapisrv.dll
    0x75010000 0x35000 6.00.6001.18000 c:\windows\system32\ACTIVEDS.dll
    0x74bf0000 0x33000 6.00.6002.18005 c:\windows\system32\adsldpc.dll
    0x72460000 0x2e000 6.00.6002.18005 c:\windows\system32\credui.dll
    0x76fc0000 0xb10000 6.00.6002.18287 C:\Windows\system32\SHELL32.dll
    0x71500000 0xc000 6.00.6002.18274 c:\windows\system32\rtutils.dll
    0x74ba0000 0x32000 6.00.6002.18005 c:\windows\system32\WINMM.dll
    0x74b60000 0x3d000 7.00.6002.18155 c:\windows\system32\OLEACC.dll
    0x6f2c0000 0x71000 6.00.6002.18005 c:\windows\system32\termsrv.dll
    0x70330000 0x7000 6.00.6001.18000 c:\windows\system32\ICAAPI.dll
    0x75240000 0x2d000 6.00.6002.18169 c:\windows\system32\WINTRUST.dll
    0x763f0000 0x29000 6.00.6001.18000 C:\Windows\system32\imagehlp.dll
    0x6de80000 0x48000 6.00.6002.18005 C:\Windows\system32\unimdm.tsp
    0x6dd90000 0x7000 6.00.6000.16386 C:\Windows\system32\uniplat.dll
    0x6dbf0000 0x11000 6.00.6000.16386 C:\Windows\system32\unimdmat.dll
    0x75840000 0x8000 6.00.6002.18005 C:\Windows\system32\VERSION.dll
    0x6db20000 0x4a000
    0
  15. Pnlop
     
    ¤¤¤¤¤¤¤¤¤¤ More informations ¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤ DLLs ¤¤¤¤¤¤¤¤¤¤

    ------------------------------------------------------------------------------
    explorer.exe pid: 2040
    Command line: C:\Windows\Explorer.EXE
    Base Size Version Path
    0x001b0000 0x2cd000 6.00.6002.18005 C:\Windows\Explorer.EXE
    0x77ad0000 0x127000 6.00.6002.18005 C:\Windows\system32\ntdll.dll
    0x765c0000 0xdc000 6.00.6002.18005 C:\Windows\system32\kernel32.dll
    0x76260000 0xc6000 6.00.6002.18005 C:\Windows\system32\ADVAPI32.dll
    0x76190000 0xc3000 6.00.6002.18024 C:\Windows\system32\RPCRT4.dll
    0x76420000 0x4b000 6.00.6002.18005 C:\Windows\system32\GDI32.dll
    0x76bf0000 0x9d000 6.00.6002.18005 C:\Windows\system32\USER32.dll
    0x76340000 0xaa000 7.00.6002.18005 C:\Windows\system32\msvcrt.dll
    0x76870000 0x59000 6.00.6002.18005 C:\Windows\system32\SHLWAPI.dll
    0x76fc0000 0xb10000 6.00.6002.18287 C:\Windows\system32\SHELL32.dll
    0x76470000 0x145000 6.00.6002.18277 C:\Windows\system32\ole32.dll
    0x76ae0000 0x8d000 6.00.6002.18005 C:\Windows\system32\OLEAUT32.dll
    0x72fd0000 0x108000 6.00.6002.18005 C:\Windows\system32\SHDOCVW.dll
    0x75080000 0x3f000 6.00.6001.18000 C:\Windows\system32\UxTheme.dll
    0x75500000 0x1a000 6.00.6002.18005 C:\Windows\system32\POWRPROF.dll
    0x73600000 0xc000 6.00.6001.18000 C:\Windows\system32\dwmapi.dll
    0x748d0000 0x1ab000 5.02.6002.18005 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
    0x75a70000 0x3a000 6.00.6002.18005 C:\Windows\system32\slc.dll
    0x74710000 0xbb000 7.00.6002.18005 C:\Windows\system32\PROPSYS.dll
    0x72e80000 0x146000 6.00.6002.18005 C:\Windows\system32\BROWSEUI.dll
    0x77c00000 0x1e000 6.00.6002.18005 C:\Windows\system32\IMM32.dll
    0x768d0000 0xc8000 6.00.6002.18005 C:\Windows\system32\MSCTF.dll
    0x75050000 0x30000 6.00.6001.18000 C:\Windows\system32\DUser.dll
    0x766d0000 0x9000 6.00.6002.18051 C:\Windows\system32\LPK.DLL
    0x77c20000 0x7d000 1.626.6002.18244 C:\Windows\system32\USP10.dll
    0x74e20000 0x19e000 6.10.6002.18305 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    0x74360000 0xf4000 7.00.6002.18107 C:\Windows\system32\WindowsCodecs.dll
    0x75fb0000 0x2c000 6.00.6002.18005 C:\Windows\system32\apphelp.dll
    0x77ca0000 0x84000 2001.12.6931.18000 C:\Windows\system32\CLBCatQ.DLL
    0x72bb0000 0x1f000 5.02.3790.1830 C:\Windows\system32\EhStorShell.dll
    0x72ba0000 0x6000 6.00.6000.16386 C:\Windows\system32\IconCodecService.dll
    0x76010000 0x14000 6.00.6002.18051 C:\Windows\system32\Secur32.dll
    0x75520000 0x3b000 6.00.6002.18005 C:\Windows\system32\rsaenh.dll
    0x726b0000 0xb2000 6.00.6002.18127 C:\Windows\system32\timedate.cpl
    0x74a90000 0x14000 3.05.2284.0002 C:\Windows\system32\ATL.DLL
    0x75d40000 0x76000 6.00.6002.18005 C:\Windows\system32\NETAPI32.dll
    0x76170000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
    0x74b60000 0x3d000 7.00.6002.18155 C:\Windows\system32\OLEACC.dll
    0x72490000 0x53000 6.00.6001.18000 C:\Windows\system32\ACTXPRXY.DLL
    0x76030000 0x1e000 6.00.6002.18005 C:\Windows\system32\USERENV.dll
    0x75610000 0xd7000 6.00.6000.16386 C:\Windows\system32\WINBRAND.dll
    0x75c30000 0x11000 6.00.6002.18005 C:\Windows\System32\SAMLIB.dll
    0x728c0000 0x3c000 7.00.6002.18255 C:\Windows\System32\msshsq.dll
    0x722f0000 0xc7000 6.00.6002.18005 C:\Windows\System32\NaturalLanguage6.dll
    0x75ab0000 0xf2000 6.00.6002.18005 C:\Windows\System32\CRYPT32.dll
    0x75c10000 0x12000 6.00.6002.18106 C:\Windows\System32\MSASN1.dll
    0x74c30000 0x1e8000 6.00.6002.18005 C:\Windows\system32\authui.dll
    0x75470000 0x5000 6.00.6000.16386 C:\Windows\system32\MSIMG32.dll
    0x72b00000 0x9000 6.00.6000.16386 C:\Windows\system32\LINKINFO.dll
    0x76c90000 0x133000 8.00.6001.18975 C:\Windows\system32\urlmon.dll
    0x76dd0000 0x1e8000 8.00.6001.18975 C:\Windows\system32\iertutil.dll
    0x71850000 0xa95000 8.00.6001.18975 C:\Windows\system32\ieframe.dll
    0x75480000 0x21000 6.00.6002.18005 C:\Windows\system32\NTMARTA.DLL
    0x769a0000 0x49000 6.00.6002.18005 C:\Windows\system32\WLDAP32.dll
    0x766a0000 0x2d000 6.00.6001.18000 C:\Windows\system32\WS2_32.dll
    0x76330000 0x6000 6.00.6001.18000 C:\Windows\system32\NSI.dll
    0x735f0000 0x7000 4.00.6000.16386 C:\Windows\system32\msiltcfg.dll
    0x75840000 0x8000 6.00.6002.18005 C:\Windows\system32\VERSION.dll
    0x71620000 0x227000 4.05.6002.18005 C:\Windows\system32\msi.dll
    0x769f0000 0xe6000 8.00.6001.18975 C:\Windows\system32\WININET.dll
    0x76180000 0x3000 6.00.6000.16386 C:\Windows\system32\Normaliz.dll
    0x74ba0000 0x32000 6.00.6002.18005 C:\Windows\system32\WINMM.dll
    0x740d0000 0x2f000 6.00.6002.18005 C:\Windows\system32\wdmaud.drv
    0x740c0000 0x4000 6.00.6000.16386 C:\Windows\system32\ksuser.dll
    0x74fc0000 0x28000 6.00.6002.18005 C:\Windows\system32\MMDevAPI.DLL
    0x74b00000 0x7000 6.00.6001.18000 C:\Windows\system32\AVRT.dll
    0x766e0000 0x18a000 6.00.6002.18005 C:\Windows\system32\SETUPAPI.dll
    0x72660000 0x4a000 6.00.6001.18000 C:\Windows\system32\ntshrui.dll
    0x73190000 0xb000 6.00.6002.18005 C:\Windows\system32\cscapi.dll
    0x75240000 0x2d000 6.00.6002.18169 C:\Windows\system32\WINTRUST.dll
    0x763f0000 0x29000 6.00.6001.18000 C:\Windows\system32\imagehlp.dll
    0x73180000 0x9000 6.00.6002.18005 C:\Windows\system32\ExplorerFrame.dll
    0x737b0000 0x21000 6.00.6002.18005 C:\Windows\system32\AUDIOSES.DLL
    0x73520000 0x66000 6.00.6001.18000 C:\Windows\system32\audioeng.dll
    0x73640000 0x9000 6.00.6002.18005 C:\Windows\system32\msacm32.drv
    0x73620000 0x14000 6.00.6001.18000 C:\Windows\system32\MSACM32.dll
    0x73610000 0x7000 6.00.6002.18005 C:\Windows\system32\midimap.dll
    0x75130000 0x30000 6.00.6001.18000 C:\Windows\system32\MLANG.dll
    0x6fef0000 0x92000 6.00.6002.18005 C:\Windows\system32\stobject.dll
    0x6fe30000 0xb6000 6.00.6000.16386 C:\Windows\system32\BatMeter.dll
    0x75450000 0xa000 6.00.6001.18000 C:\Windows\system32\WTSAPI32.dll
    0x75560000 0x25000 6.00.6001.18000 C:\Windows\system32\WINSTA.dll
    0x74460000 0x46000 2001.12.6932.18005 C:\Windows\system32\es.dll
    0x6fbd0000 0x30000 6.00.6000.16386 C:\Windows\System32\SndVolSSO.dll
    0x6fba0000 0x21000 6.00.6002.18005 C:\Windows\ehome\ehSSO.dll
    0x74a80000 0x9000 6.00.6000.16386 C:\Windows\system32\HID.DLL
    0x75390000 0x66000 6.00.6001.18000 C:\Windows\system32\FirewallAPI.dll
    0x6e670000 0x30b000 6.00.6002.18005 C:\Windows\System32\netshell.dll
    0x75a10000 0x19000 6.00.6002.18005 C:\Windows\System32\IPHLPAPI.DLL
    0x759d0000 0x35000 6.00.6002.18005 C:\Windows\System32\dhcpcsvc.DLL
    0x75c50000 0x2c000 6.00.6002.18005 C:\Windows\System32\DNSAPI.dll
    0x759c0000 0x7000 6.00.6001.18000 C:\Windows\System32\WINNSI.DLL
    0x75990000 0x22000 6.00.6002.18005 C:\Windows\System32\dhcpcsvc6.DLL
    0x74af0000 0xf000 6.00.6001.18000 C:\Windows\System32\nlaapi.dll
    0x6f3c0000 0x1bf000 6.00.6002.18005 C:\Windows\system32\pnidui.dll
    0x715b0000 0x17000 6.00.6001.18000 C:\Windows\system32\QUtil.dll
    0x75a30000 0x40000 6.00.6002.18005 C:\Windows\system32\wevtapi.dll
    0x74120000 0x6000 6.00.6000.16386 C:\Windows\system32\wlanutil.dll
    0x6f5e0000 0x8000 6.00.6000.16386 C:\Windows\System32\npmproxy.dll
    0x6d3e0000 0x12000 6.00.6002.18064 C:\Windows\system32\Wlanapi.dll
    0x73910000 0x17c000 6.00.6002.18005 C:\Windows\system32\OneX.DLL
    0x744e0000 0xe000 6.00.6001.18000 C:\Windows\system32\eappprxy.dll
    0x74130000 0x24000 6.00.6002.18005 C:\Windows\system32\eappcfg.dll
    0x758f0000 0x45000 6.00.6002.18005 C:\Windows\system32\bcrypt.dll
    0x6d3b0000 0xd000 6.00.6000.16386 C:\Windows\System32\AltTab.dll
    0x6d370000 0x19000 6.00.6002.18112 C:\Windows\system32\wpdshserviceobj.dll
    0x6d2e0000 0x2b000 6.00.6002.18112 C:\Windows\system32\PortableDeviceTypes.dll
    0x6f580000 0x56000 6.00.6002.18112 C:\Windows\system32\PortableDeviceApi.dll
    0x70e00000 0x5a000 6.00.6001.18000 C:\Windows\system32\taskschd.dll
    0x75100000 0x2f000 1.02.1009.0000 C:\Windows\system32\XmlLite.dll
    0x6ceb0000 0x4d000 7.00.6002.18005 C:\Windows\System32\srchadmin.dll
    0x6cf10000 0x3d000 8.00.6001.18702 C:\Windows\System32\webcheck.dll
    0x71130000 0x21c000 6.00.6002.18005 C:\Windows\System32\SyncCenter.dll
    0x6dd80000 0xb000 7.00.6002.18005 C:\Windows\system32\mssprxy.dll
    0x6cf90000 0x39000 6.00.6002.18005 C:\Windows\system32\wscntfy.dll
    0x72ad0000 0xb000 6.00.6002.18005 C:\Windows\system32\WSCAPI.dll
    0x6ce00000 0xa3000 6.00.6002.18005 C:\Windows\system32\bthprops.cpl
    0x71570000 0x2e000 6.00.6001.18000 C:\Windows\System32\QAgent.dll
    0x72de0000 0x96000 6.00.6002.18005 C:\Windows\System32\fwpuclnt.dll
    0x75f50000 0x5f000 6.00.6001.18000 C:\Windows\system32\SXS.DLL
    0x6c990000 0x23000 9.00.0044.43458 C:\Program Files\Videotron\Services de sécurité Vidéotron\MalwareContextMenuR.dll
    0x6c890000 0x73000 1.00.2498.0000 c:\PROGRA~1\MICROS~4\shellext.dll
    0x6c830000 0x2e000 6.00.6001.18000 C:\Windows\system32\syncui.dll
    0x6c870000 0x16000 6.00.6001.18000 C:\Windows\system32\SYNCENG.dll
    0x75bb0000 0x14000 6.00.6002.18005 C:\Windows\system32\MPR.dll
    0x6f760000 0x28c000 6.00.6001.18000 C:\Windows\System32\NLSData000c.dll
    0x6e980000 0x5f4000 6.00.6000.16386 C:\Windows\System32\NLSLexicons000c.dll
    0x70e90000 0x28000 6.00.6002.18005 C:\Windows\system32\FunDisc.dll
    0x74b20000 0xa000 6.00.6002.18005 C:\Windows\system32\fdproxy.dll
    0x70a80000 0x136000 8.100.5003.0000 C:\Windows\System32\msxml3.dll
    0x74ab0000 0x15000 6.00.6001.18000 C:\Windows\system32\Cabinet.dll

    ------------------------------------------------------------------------------
    winlogon.exe pid: 800
    Command line: winlogon.exe
    Base Size Version Path
    0x00710000 0x50000 6.00.6002.18005 C:\Windows\system32\winlogon.exe
    0x77ad0000 0x127000 6.00.6002.18005 C:\Windows\system32\ntdll.dll
    0x765c0000 0xdc000 6.00.6002.18005 C:\Windows\system32\kernel32.dll
    0x76260000 0xc6000 6.00.6002.18005 C:\Windows\system32\ADVAPI32.dll
    0x76190000 0xc3000 6.00.6002.18024 C:\Windows\system32\RPCRT4.dll
    0x76bf0000 0x9d000 6.00.6002.18005 C:\Windows\system32\USER32.dll
    0x76420000 0x4b000 6.00.6002.18005 C:\Windows\system32\GDI32.dll
    0x76340000 0xaa000 7.00.6002.18005 C:\Windows\system32\msvcrt.dll
    0x76010000 0x14000 6.00.6002.18051 C:\Windows\system32\Secur32.dll
    0x75560000 0x25000 6.00.6001.18000 C:\Windows\system32\WINSTA.dll
    0x76170000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
    0x76030000 0x1e000 6.00.6002.18005 C:\Windows\system32\USERENV.dll
    0x77c00000 0x1e000 6.00.6002.18005 C:\Windows\system32\IMM32.DLL
    0x768d0000 0xc8000 6.00.6002.18005 C:\Windows\system32\MSCTF.dll
    0x766d0000 0x9000 6.00.6002.18051 C:\Windows\system32\LPK.DLL
    0x77c20000 0x7d000 1.626.6002.18244 C:\Windows\system32\USP10.dll
    0x75fb0000 0x2c000 6.00.6002.18005 C:\Windows\system32\apphelp.dll
    0x75480000 0x21000 6.00.6002.18005 C:\Windows\system32\NTMARTA.DLL
    0x769a0000 0x49000 6.00.6002.18005 C:\Windows\system32\WLDAP32.dll
    0x766a0000 0x2d000 6.00.6001.18000 C:\Windows\system32\WS2_32.dll
    0x76330000 0x6000 6.00.6001.18000 C:\Windows\system32\NSI.dll
    0x75c30000 0x11000 6.00.6002.18005 C:\Windows\system32\SAMLIB.dll
    0x76470000 0x145000 6.00.6002.18277 C:\Windows\system32\ole32.dll
    0x745a0000 0x3e000 6.00.6002.18005 C:\Windows\system32\SHSVCS.dll
    0x75080000 0x3f000 6.00.6001.18000 C:\Windows\system32\uxtheme.dll
    0x75520000 0x3b000 6.00.6002.18005 C:\Windows\system32\rsaenh.dll
    0x74360000 0xf4000 7.00.6002.18107 C:\Windows\system32\WindowsCodecs.dll
    0x75d40000 0x76000 6.00.6002.18005 C:\Windows\system32\NETAPI32.dll
    0x75a70000 0x3a000 6.00.6002.18005 C:\Windows\system32\slc.dll
    0x75bb0000 0x14000 6.00.6002.18005 C:\Windows\system32\MPR.dll
    0x75ff0000 0x16000 6.00.6002.18005 C:\Windows\system32\AUTHZ.dll

    ------------------------------------------------------------------------------
    wininit.exe pid: 644
    Command line: wininit.exe
    Base Size Version Path
    0x00760000 0x1a000 6.00.6001.18000 C:\Windows\system32\wininit.exe
    0x77ad0000 0x127000 6.00.6002.18005 C:\Windows\system32\ntdll.dll
    0x765c0000 0xdc000 6.00.6002.18005 C:\Windows\system32\kernel32.dll
    0x76260000 0xc6000 6.00.6002.18005 C:\Windows\system32\ADVAPI32.dll
    0x76190000 0xc3000 6.00.6002.18024 C:\Windows\system32\RPCRT4.dll
    0x76bf0000 0x9d000 6.00.6002.18005 C:\Windows\system32\USER32.dll
    0x76420000 0x4b000 6.00.6002.18005 C:\Windows\system32\GDI32.dll
    0x76340000 0xaa000 7.00.6002.18005 C:\Windows\system32\msvcrt.dll
    0x76030000 0x1e000 6.00.6002.18005 C:\Windows\system32\USERENV.dll
    0x76010000 0x14000 6.00.6002.18051 C:\Windows\system32\Secur32.dll
    0x77c00000 0x1e000 6.00.6002.18005 C:\Windows\system32\IMM32.DLL
    0x768d0000 0xc8000 6.00.6002.18005 C:\Windows\system32\MSCTF.dll
    0x766d0000 0x9000 6.00.6002.18051 C:\Windows\system32\LPK.DLL
    0x77c20000 0x7d000 1.626.6002.18244 C:\Windows\system32\USP10.dll
    0x75fb0000 0x2c000 6.00.6002.18005 C:\Windows\system32\apphelp.dll
    0x766a0000 0x2d000 6.00.6001.18000 C:\Windows\system32\WS2_32.dll
    0x76330000 0x6000 6.00.6001.18000 C:\Windows\system32\NSI.dll
    0x757d0000 0x3b000 6.00.6002.18005 C:\Windows\system32\mswsock.dll
    0x75460000 0x5000 6.00.6001.18000 C:\Windows\System32\wshtcpip.dll
    0x75830000 0x5000 6.00.6001.18000 C:\Windows\System32\wship6.dll
    0x75ab0000 0xf2000 6.00.6002.18005 C:\Windows\system32\CRYPT32.dll
    0x75c10000 0x12000 6.00.6002.18106 C:\Windows\system32\MSASN1.dll
    0x758e0000 0x7000 6.00.6001.18000 C:\Windows\system32\credssp.dll
    0x755c0000 0x46000 6.00.6002.18290 C:\Windows\system32\schannel.dll
    0x75d40000 0x76000 6.00.6002.18005 C:\Windows\system32\NETAPI32.dll
    0x76170000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL

    ------------------------------------------------------------------------------
    svchost.exe pid: 916
    Command line: C:\Windows\system32\svchost.exe -k DcomLaunch
    Base Size Version Path
    0x00500000 0x8000 6.00.6001.18000 C:\Windows\system32\svchost.exe
    0x77ad0000 0x127000 6.00.6002.18005 C:\Windows\system32\ntdll.dll
    0x765c0000 0xdc000 6.00.6002.18005 C:\Windows\system32\kernel32.dll
    0x76340000 0xaa000 7.00.6002.18005 C:\Windows\system32\msvcrt.dll
    0x76260000 0xc6000 6.00.6002.18005 C:\Windows\system32\ADVAPI32.dll
    0x76190000 0xc3000 6.00.6002.18024 C:\Windows\system32\RPCRT4.dll
    0x75400000 0x39000 6.00.6002.18005 c:\windows\system32\umpnpmgr.dll
    0x76bf0000 0x9d000 6.00.6002.18005 C:\Windows\system32\USER32.dll
    0x76420000 0x4b000 6.00.6002.18005 C:\Windows\system32\GDI32.dll
    0x76030000 0x1e000 6.00.6002.18005 c:\windows\system32\USERENV.dll
    0x76010000 0x14000 6.00.6002.18051 c:\windows\system32\Secur32.dll
    0x77c00000 0x1e000 6.00.6002.18005 C:\Windows\system32\IMM32.DLL
    0x768d0000 0xc8000 6.00.6002.18005 C:\Windows\system32\MSCTF.dll
    0x766d0000 0x9000 6.00.6002.18051 C:\Windows\system32\LPK.DLL
    0x77c20000 0x7d000 1.626.6002.18244 C:\Windows\system32\USP10.dll
    0x75500000 0x1a000 6.00.6002.18005 C:\Windows\system32\POWRPROF.dll
    0x754e0000 0x15000 6.00.6002.18005 C:\Windows\system32\GPAPI.dll
    0x75a70000 0x3a000 6.00.6002.18005 C:\Windows\system32\slc.dll
    0x752e0000 0x8a000 6.00.6002.18005 c:\windows\system32\rpcss.dll
    0x766a0000 0x2d000 6.00.6001.18000 C:\Windows\system32\WS2_32.dll
    0x76330000 0x6000 6.00.6001.18000 C:\Windows\system32\NSI.dll
    0x75390000 0x66000 6.00.6001.18000 c:\windows\system32\FirewallAPI.dll
    0x76ae0000 0x8d000 6.00.6002.18005 C:\Windows\system32\OLEAUT32.dll
    0x76470000 0x145000 6.00.6002.18277 C:\Windows\system32\ole32.dll
    0x75840000 0x8000 6.00.6002.18005 c:\windows\system32\VERSION.dll
    0x75ab0000 0xf2000 6.00.6002.18005 C:\Windows\system32\CRYPT32.dll
    0x75c10000 0x12000 6.00.6002.18106 C:\Windows\system32\MSASN1.dll
    0x758e0000 0x7000 6.00.6001.18000 C:\Windows\system32\credssp.dll
    0x755c0000 0x46000 6.00.6002.18290 C:\Windows\system32\schannel.dll
    0x75d40000 0x76000 6.00.6002.18005 C:\Windows\system32\NETAPI32.dll
    0x76170000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
    0x766e0000 0x18a000 6.00.6002.18005 C:\Windows\system32\SETUPAPI.dll
    0x74ab0000 0x15000 6.00.6001.18000 C:\Windows\system32\Cabinet.dll
    0x75480000 0x21000 6.00.6002.18005 C:\Windows\system32\NTMARTA.DLL
    0x769a0000 0x49000 6.00.6002.18005 C:\Windows\system32\WLDAP32.dll
    0x75c30000 0x11000 6.00.6002.18005 C:\Windows\system32\SAMLIB.dll
    0x77ca0000 0x84000 2001.12.6931.18000 C:\Windows\system32\CLBCatQ.DLL
    0x75fb0000 0x2c000 6.00.6002.18005 C:\Windows\system32\apphelp.dll
    0x75560000 0x25000 6.00.6001.18000 C:\Windows\system32\WINSTA.dll
    0x75450000 0xa000 6.00.6001.18000 C:\Windows\system32\WTSAPI32.dll
    ------------------------------------------------------------------------------
    svchost.exe pid: 976
    Command line: C:\Windows\system32\svchost.exe -k rpcss
    Base Size Version Path
    0x00500000 0x8000 6.00.6001.18000 C:\Windows\system32\svchost.exe
    0x77ad0000 0x127000 6.00.6002.18005 C:\Windows\system32\ntdll.dll
    0x765c0000 0xdc000 6.00.6002.18005 C:\Windows\system32\kernel32.dll
    0x76340000 0xaa000 7.00.6002.18005 C:\Windows\system32\msvcrt.dll
    0x76260000 0xc6000 6.00.6002.18005 C:\Windows\system32\ADVAPI32.dll
    0x76190000 0xc3000 6.00.6002.18024 C:\Windows\system32\RPCRT4.dll
    0x752e0000 0x8a000 6.00.6002.18005 c:\windows\system32\rpcss.dll
    0x766a0000 0x2d000 6.00.6001.18000 C:\Windows\system32\WS2_32.dll
    0x76330000 0x6000 6.00.6001.18000 C:\Windows\system32\NSI.dll
    0x76010000 0x14000 6.00.6002.18051 c:\windows\system32\Secur32.dll
    0x75390000 0x66000 6.00.6001.18000 c:\windows\system32\FirewallAPI.dll
    0x76bf0000 0x9d000 6.00.6002.18005 C:\Windows\system32\USER32.dll
    0x76420000 0x4b000 6.00.6002.18005 C:\Windows\system32\GDI32.dll
    0x76ae0000 0x8d000 6.00.6002.18005 C:\Windows\system32\OLEAUT32.dll
    0x76470000 0x145000 6.00.6002.18277 C:\Windows\system32\ole32.dll
    0x75840000 0x8000 6.00.6002.18005 c:\windows\system32\VERSION.dll
    0x77c00000 0x1e000 6.00.6002.18005 C:\Windows\system32\IMM32.DLL
    0x768d0000 0xc8000 6.00.6002.18005 C:\Windows\system32\MSCTF.dll
    0x766d0000 0x9000 6.00.6002.18051 C:\Windows\system32\LPK.DLL
    0x77c20000 0x7d000 1.626.6002.18244 C:\Windows\system32\USP10.dll
    0x75ab0000 0xf2000 6.00.6002.18005 C:\Windows\system32\CRYPT32.dll
    0x75c10000 0x12000 6.00.6002.18106 C:\Windows\system32\MSASN1.dll
    0x76030000 0x1e000 6.00.6002.18005 C:\Windows\system32\USERENV.dll
    0x758e0000 0x7000 6.00.6001.18000 C:\Windows\system32\credssp.dll
    0x755c0000 0x46000 6.00.6002.18290 C:\Windows\system32\schannel.dll
    0x75d40000 0x76000 6.00.6002.18005 C:\Windows\system32\NETAPI32.dll
    0x76170000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
    0x75520000 0x3b000 6.00.6002.18005 C:\Windows\system32\rsaenh.dll
    0x757d0000 0x3b000 6.00.6002.18005 C:\Windows\system32\mswsock.dll
    0x75460000 0x5000 6.00.6001.18000 C:\Windows\System32\wshtcpip.dll
    0x75830000 0x5000 6.00.6001.18000 C:\Windows\System32\wship6.dll
    0x77ca0000 0x84000 2001.12.6931.18000 C:\Windows\system32\CLBCatQ.DLL
    0x72de0000 0x96000 6.00.6002.18005 C:\Windows\system32\fwpuclnt.dll
    ------------------------------------------------------------------------------
    svchost.exe pid: 1160
    Command line: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    Base Size Version Path
    0x00500000 0x8000 6.00.6001.18000 C:\Windows\System32\svchost.exe
    0x77ad0000 0x127000 6.00.6002.18005 C:\Windows\system32\ntdll.dll
    0x765c0000 0xdc000 6.00.6002.18005 C:\Windows\system32\kernel32.dll
    0x76340000 0xaa000 7.00.6002.18005 C:\Windows\system32\msvcrt.dll
    0x76260000 0xc6000 6.00.6002.18005 C:\Windows\system32\ADVAPI32.dll
    0x76190000 0xc3000 6.00.6002.18024 C:\Windows\system32\RPCRT4.dll
    0x747d0000 0xfc000 6.00.6002.18005 c:\windows\system32\wevtsvc.dll
    0x76030000 0x1e000 6.00.6002.18005 c:\windows\system32\USERENV.dll
    0x76010000 0x14000 6.00.6002.18051 c:\windows\system32\Secur32.dll
    0x76bf0000 0x9d000 6.00.6002.18005 C:\Windows\system32\USER32.dll
    0x76420000 0x4b000 6.00.6002.18005 C:\Windows\system32\GDI32.dll
    0x75840000 0x8000 6.00.6002.18005 c:\windows\system32\VERSION.dll
    0x754e0000 0x15000 6.00.6002.18005 c:\windows\system32\GPAPI.dll
    0x75a70000 0x3a000 6.00.6002.18005 c:\windows\system32\slc.dll
    0x77c00000 0x1e000 6.00.6002.18005 C:\Windows\system32\IMM32.DLL
    0x768d0000 0xc8000 6.00.6002.18005 C:\Windows\system32\MSCTF.dll
    0x766d0000 0x9000 6.00.6002.18051 C:\Windows\system32\LPK.DLL
    0x77c20000 0x7d000 1.626.6002.18244 C:\Windows\system32\USP10.dll
    0x75ab0000 0xf2000 6.00.6002.18005 C:\Windows\System32\CRYPT32.dll
    0x75c10000 0x12000 6.00.6002.18106 C:\Windows\System32\MSASN1.dll
    0x758e0000 0x7000 6.00.6001.18000 C:\Windows\System32\credssp.dll
    0x755c0000 0x46000 6.00.6002.18290 C:\Windows\system32\schannel.dll
    0x75d40000 0x76000 6.00.6002.18005 C:\Windows\System32\NETAPI32.dll
    0x76170000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
    0x766a0000 0x2d000 6.00.6001.18000 C:\Windows\system32\WS2_32.dll
    0x76330000 0x6000 6.00.6001.18000 C:\Windows\system32\NSI.dll
    0x757d0000 0x3b000 6.00.6002.18005 C:\Windows\system32\mswsock.dll
    0x75460000 0x5000 6.00.6001.18000 C:\Windows\System32\wshtcpip.dll
    0x75830000 0x5000 6.00.6001.18000 C:\Windows\System32\wship6.dll
    0x746b0000 0x51000 6.00.6002.18005 c:\windows\system32\audiosrv.dll
    0x76470000 0x145000 6.00.6002.18277 C:\Windows\system32\ole32.dll
    0x76ae0000 0x8d000 6.00.6002.18005 C:\Windows\system32\OLEAUT32.dll
    0x74fc0000 0x28000 6.00.6002.18005 c:\windows\system32\MMDevAPI.DLL
    0x76870000 0x59000 6.00.6002.18005 C:\Windows\system32\SHLWAPI.dll
    0x75450000 0xa000 6.00.6001.18000 c:\windows\system32\WTSAPI32.dll
    0x75560000 0x25000 6.00.6001.18000 c:\windows\system32\WINSTA.dll
    0x74e20000 0x19e000 6.10.6002.18305 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    0x77ca0000 0x84000 2001.12.6931.18000 C:\Windows\system32\CLBCatQ.DLL
    0x766e0000 0x18a000 6.00.6002.18005 C:\Windows\system32\SETUPAPI.dll
    0x75240000 0x2d000 6.00.6002.18169 C:\Windows\System32\WINTRUST.dll
    0x763f0000 0x29000 6.00.6001.18000 C:\Windows\system32\imagehlp.dll
    0x744f0000 0x8000 6.00.6000.16386 c:\windows\system32\lmhsvc.dll
    0x75a10000 0x19000 6.00.6002.18005 c:\windows\system32\IPHLPAPI.DLL
    0x759d0000 0x35000 6.00.6002.18005 c:\windows\system32\dhcpcsvc.DLL
    0x75c50000 0x2c000 6.00.6002.18005 c:\windows\system32\DNSAPI.dll
    0x759c0000 0x7000 6.00.6001.18000 c:\windows\system32\WINNSI.DLL
    0x75990000 0x22000 6.00.6002.18005 c:\windows\system32\dhcpcsvc6.DLL
    0x75520000 0x3b000 6.00.6002.18005 C:\Windows\System32\rsaenh.dll
    0x737b0000 0x21000 6.00.6002.18005 C:\Windows\System32\audioses.dll
    0x73520000 0x66000 6.00.6001.18000 C:\Windows\System32\audioeng.dll
    0x74b00000 0x7000 6.00.6001.18000 C:\Windows\System32\AVRT.dll
    0x6d270000 0x12000 6.00.6002.18005 c:\windows\system32\wscsvc.dll
    0x75390000 0x66000 6.00.6001.18000 c:\windows\system32\FirewallAPI.dll
    0x6e420000 0xdc000 6.00.6001.18000 c:\windows\system32\dbghelp.dll
    0x6fb40000 0xb000 6.00.6002.18005 C:\Windows\system32\wbem\wbemprox.dll
    0x6f5f0000 0x5b000 6.00.6001.18000 C:\Windows\system32\wbemcomn.dll
    0x6ef80000 0x10000 6.00.6002.18005 C:\Windows\system32\wbem\wbemsvc.dll
    0x6dc10000 0x99000 6.00.6002.18005 C:\Windows\system32\wbem\fastprox.dll
    0x75bf0000 0x18000 6.00.6001.18000 C:\Windows\system32\NTDSAPI.dll
    0x769a0000 0x49000 6.00.6002.18005 C:\Windows\system32\WLDAP32.dll
    0x75940000 0x35000 6.00.6002.18005 C:\Windows\System32\ncrypt.dll
    0x758f0000 0x45000 6.00.6002.18005 C:\Windows\System32\BCRYPT.dll
    0x6b330000 0x8e000 7.04.7600.0226 C:\Windows\system32\wuapi.dll
    0x74ab0000 0x15000 6.00.6001.18000 C:\Windows\system32\Cabinet.dll
    ------------------------------------------------------------------------------
    svchost.exe pid: 1240
    Command line: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    Base Size Version Path
    0x00500000 0x8000 6.00.6001.18000 C:\Windows\System32\svchost.exe
    0x77ad0000 0x127000 6.00.6002.18005 C:\Windows\system32\ntdll.dll
    0x765c0000 0xdc000 6.00.6002.18005 C:\Windows\system32\kernel32.dll
    0x76340000 0xaa000 7.00.6002.18005 C:\Windows\system32\msvcrt.dll
    0x76260000 0xc6000 6.00.6002.18005 C:\Windows\system32\ADVAPI32.dll
    0x76190000 0xc3000 6.00.6002.18024 C:\Windows\system32\RPCRT4.dll
    0x75480000 0x21000 6.00.6002.18005 C:\Windows\System32\NTMARTA.DLL
    0x76bf0000 0x9d000 6.00.6002.18005 C:\Windows\system32\USER32.dll
    0x76420000 0x4b000 6.00.6002.18005 C:\Windows\system32\GDI32.dll
    0x769a0000 0x49000 6.00.6002.18005 C:\Windows\system32\WLDAP32.dll
    0x766a0000 0x2d000 6.00.6001.18000 C:\Windows\system32\WS2_32.dll
    0x76330000 0x6000 6.00.6001.18000 C:\Windows\system32\NSI.dll
    0x76170000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
    0x75c30000 0x11000 6.00.6002.18005 C:\Windows\System32\SAMLIB.dll
    0x76470000 0x145000 6.00.6002.18277 C:\Windows\system32\ole32.dll
    0x77c00000 0x1e000 6.00.6002.18005 C:\Windows\system32\IMM32.DLL
    0x768d0000 0xc8000 6.00.6002.18005 C:\Windows\system32\MSCTF.dll
    0x766d0000 0x9000 6.00.6002.18051 C:\Windows\system32\LPK.DLL
    0x77c20000 0x7d000 1.626.6002.18244 C:\Windows\system32\USP10.dll
    0x746b0000 0x51000 6.00.6002.18005 c:\windows\system32\audiosrv.dll
    0x76ae0000 0x8d000 6.00.6002.18005 C:\Windows\system32\OLEAUT32.dll
    0x74fc0000 0x28000 6.00.6002.18005 c:\windows\system32\MMDevAPI.DLL
    0x76870000 0x59000 6.00.6002.18005 C:\Windows\system32\SHLWAPI.dll
    0x75450000 0xa000 6.00.6001.18000 c:\windows\system32\WTSAPI32.dll
    0x75560000 0x25000 6.00.6001.18000 c:\windows\system32\WINSTA.dll
    0x74e20000 0x19e000 6.10.6002.18305 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    0x77ca0000 0x84000 2001.12.6931.18000 C:\Windows\system32\CLBCatQ.DLL
    0x766e0000 0x18a000 6.00.6002.18005 C:\Windows\system32\SETUPAPI.dll
    0x75240000 0x2d000 6.00.6002.18169 C:\Windows\System32\WINTRUST.dll
    0x75ab0000 0xf2000 6.00.6002.18005 C:\Windows\System32\CRYPT32.dll
    0x75c10000 0x12000 6.00.6002.18106 C:\Windows\System32\MSASN1.dll
    0x76030000 0x1e000 6.00.6002.18005 C:\Windows\System32\USERENV.dll
    0x76010000 0x14000 6.00.6002.18051 C:\Windows\System32\Secur32.dll
    0x763f0000 0x29000 6.00.6001.18000 C:\Windows\system32\imagehlp.dll
    0x745f0000 0xb000 6.00.6002.18005 c:\windows\system32\uxsms.dll
    0x744c0000 0x13000 6.00.6000.16386 c:\windows\system32\tabsvc.dll
    0x74a80000 0x9000 6.00.6000.16386 c:\windows\system32\HID.DLL
    0x75a70000 0x3a000 6.00.6002.18005 c:\windows\system32\slc.dll
    0x745e0000 0x10000 6.00.6001.18000 c:\windows\system32\wudfsvc.dll
    0x74330000 0x30000 6.00.6001.18000 c:\windows\system32\WUDFPlatform.dll
    0x75840000 0x8000 6.00.6002.18005 c:\windows\system32\VERSION.dll
    0x75a30000 0x40000 6.00.6002.18005 c:\windows\system32\wevtapi.dll
    0x741c0000 0x82000 6.00.6002.18064 c:\windows\system32\wlansvc.dll
    0x75d40000 0x76000 6.00.6002.18005 c:\windows\system32\NETAPI32.dll
    0x76fc0000 0xb10000 6.00.6002.18287 C:\Windows\system32\SHELL32.dll
    0x74260000 0x4c000 6.00.6002.18064 c:\windows\system32\WLANMSM.DLL
    0x74160000 0x52000 6.00.6002.18064 c:\windows\system32\WLANSEC.dll
    0x73910000 0x17c000 6.00.6002.18005 c:\windows\system32\OneX.DLL
    0x744e0000 0xe000 6.00.6001.18000 c:\windows\system32\eappprxy.dll
    0x74130000 0x24000 6.00.6002.18005 c:\windows\system32\eappcfg.dll
    0x748d0000 0x1ab000 5.02.6002.18005 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
    0x75050000 0x30000 6.00.6001.18000 c:\windows\system32\DUser.dll
    0x75080000 0x3f000 6.00.6001.18000 c:\windows\system32\UxTheme.dll
    0x74b60000 0x3d000 7.00.6002.18155 c:\windows\system32\OLEACC.dll
    0x75ff0000 0x16000 6.00.6002.18005 c:\windows\system32\AUTHZ.dll
    0x759d0000 0x35000 6.00.6002.18005 c:\windows\system32\dhcpcsvc.DLL
    0x75c50000 0x2c000 6.00.6002.18005 c:\windows\system32\DNSAPI.dll
    0x759c0000 0x7000 6.00.6001.18000 c:\windows\system32\WINNSI.DLL
    0x742c0000 0x18000 6.00.6002.18005 c:\windows\system32\wlgpclnt.dll
    0x74250000 0x10000 6.00.6001.18000 c:\windows\system32\l2gpstore.dll
    0x74120000 0x6000 6.00.6000.16386 c:\windows\system32\wlanutil.dll
    0x75cb0000 0x7000 6.00.6000.16386 c:\windows\system32\SYSNTFY.dll
    0x75220000 0x1f000 6.00.6002.18005 c:\windows\system32\WinSCard.dll
    0x75a10000 0x19000 6.00.6002.18005 c:\windows\system32\IPHLPAPI.DLL
    0x75990000 0x22000 6.00.6002.18005 c:\windows\system32\dhcpcsvc6.DLL
    0x758f0000 0x45000 6.00.6002.18005 c:\windows\system32\bcrypt.dll
    0x73650000 0x15b000 6.20.5002.0000 C:\Windows\System32\msxml6.dll
    0x75520000 0x3b000 6.00.6002.18005 C:\Windows\System32\rsaenh.dll
    0x758e0000 0x7000 6.00.6001.18000 C:\Windows\System32\credssp.dll
    0x755c0000 0x46000 6.00.6002.18290 C:\Windows\system32\schannel.dll
    0x75850000 0x7e000 6.00.6002.18051 C:\Windows\system32\kerberos.dll
    0x75c90000 0x11000 6.00.6001.18000 C:\Windows\System32\cryptdll.dll
    0x76c90000 0x133000 8.00.6001.18975 C:\Windows\system32\urlmon.dll
    0x76dd0000 0x1e8000 8.00.6001.18975 C:\Windows\system32\iertutil.dll
    0x73590000 0x60000 6.00.6001.18000 C:\Windows\system32\netcfgx.dll
    0x74ab0000 0x15000 6.00.6001.18000 C:\Windows\System32\Cabinet.dll
    0x75fb0000 0x2c000 6.00.6002.18005 C:\Windows\system32\apphelp.dll
    0x71450000 0x8d000 6.00.6002.18005 c:\windows\system32\emdmgmt.dll
    0x71530000 0x39000 6.00.6002.18005 c:\windows\system32\WDSCORE.dll
    0x714f0000 0xd000 6.00.6001.18000 c:\windows\system32\pcasvc.dll
    0x70d60000 0x46000 6.00.6001.18000 c:\windows\system32\netman.dll
    0x70db0000 0x4a000 6.00.6002.18005 c:\windows\system32\RASAPI32.dll
    0x70d40000 0x14000 6.00.6001.18000 c:\windows\system32\rasman.dll
    0x70d00000 0x31000 6.00.6000.16386 c:\windows\system32\TAPI32.dll
    0x71500000 0xc000 6.00.6002.18274 c:\windows\system32\rtutils.dll
    0x74ba0000 0x32000 6.00.6002.18005 c:\windows\system32\WINMM.dll
    0x6e670000 0x30b000 6.00.6002.18005 C:\Windows\System32\netshell.dll
    0x74af0000 0xf000 6.00.6001.18000 C:\Windows\System32\nlaapi.dll
    0x6f6d0000 0x8a000 6.00.6002.18005 c:\windows\system32\sysmain.dll
    0x6fac0000 0x15000 6.00.6001.18000 c:\windows\system32\trkwks.dll
    0x6faa0000 0x17000 6.00.6002.18112 c:\windows\system32\wpdbusenum.dll
    0x754e0000 0x15000 6.00.6002.18005 C:\Windows\System32\GPAPI.dll
    0x6f580000 0x56000 6.00.6002.18112 C:\Windows\system32\PortableDeviceApi.dll
    0x6ded0000 0x12000 6.00.6002.18112 C:\Windows\System32\portabledeviceconnectapi.dll
    0x71510000 0x15000 6.00.6001.18000 c:\windows\system32\wdi.dll
    0x72ae0000 0xa000 6.00.6001.18000 C:\Windows\system32\pcadm.dll
    0x6d660000 0xce000 6.00.6002.18005 C:\Windows\System32\RASDLG.dll
    0x6dab0000 0x1a000 6.00.6002.18005 C:\Windows\System32\MPRAPI.dll
    0x75010000 0x35000 6.00.6001.18000 C:\Windows\System32\ACTIVEDS.dll
    0x74bf0000 0x33000 6.00.6002.18005 C:\Windows\System32\adsldpc.dll
    0x72460000 0x2e000 6.00.6002.18005 C:\Windows\System32\credui.dll
    0x74a90000 0x14000 3.05.2284.0002 C:\Windows\System32\ATL.DLL
    0x6de30000 0x4a000 6.00.6001.18000 C:\Windows\System32\hnetcfg.dll
    0x72820000 0x60000 6.00.6002.18096 C:\Windows\System32\WINHTTP.dll
    0x757d0000 0x3b000 6.00.6002.18005 C:\Windows\system32\mswsock.dll
    0x75460000 0x5000 6.00.6001.18000 C:\Windows\System32\wshtcpip.dll
    0x6c940000 0x33000 6.00.6001.18000 C:\Windows\system32\upnp.dll
    0x70bc0000 0xc000 6.00.6000.16386 C:\Windows\system32\SSDPAPI.dll
    0x75f50000 0x5f000 6.00.6001.18000 C:\Windows\System32\SXS.DLL
    0x6fb40000 0xb000 6.00.6002.18005 C:\Windows\system32\wbem\wbemprox.dll
    0x6f5f0000 0x5b000 6.00.6001.18000 C:\Windows\system32\wbemcomn.dll
    0x6ef80000 0x10000 6.00.6002.18005 C:\Windows\system32\wbem\wbemsvc.dll
    0x6dc10000 0x99000 6.00.6002.18005 C:\Windows\system32\wbem\fastprox.dll
    0x75bf0000 0x18000 6.00.6001.18000 C:\Windows\system32\NTDSAPI.dll
    0x75790000 0x38000 6.00.6002.18111 C:\Windows\system32\msv1_0.dll
    0x6c760000 0x15000 6.00.6000.16386 C:\Windows\system32\radardt.dll
    ------------------------------------------------------------------------------
    svchost.exe pid: 1264
    Command line: C:\Windows\system32\svchost.exe -k netsvcs
    Base Size Version Path
    0x00500000 0x8000 6.00.6001.18000 C:\Windows\system32\svchost.exe
    0x77ad0000 0x127000 6.00.6002.18005 C:\Windows\system32\ntdll.dll
    0x765c0000 0xdc000 6.00.6002.18005 C:\Windows\system32\kernel32.dll
    0x76340000 0xaa000 7.00.6002.18005 C:\Windows\system32\msvcrt.dll
    0x76260000 0xc6000 6.00.6002.18005 C:\Windows\system32\ADVAPI32.dll
    0x76190000 0xc3000 6.00.6002.18024 C:\Windows\system32\RPCRT4.dll
    0x75480000 0x21000 6.00.6002.18005 C:\Windows\system32\NTMARTA.DLL
    0x76bf0000 0x9d000 6.00.6002.18005 C:\Windows\system32\USER32.dll
    0x76420000 0x4b000 6.00.6002.18005 C:\Windows\system32\GDI32.dll
    0x769a0000 0x49000 6.00.6002.18005 C:\Windows\system32\WLDAP32.dll
    0x766a0000 0x2d000 6.00.6001.18000 C:\Windows\system32\WS2_32.dll
    0x76330000 0x6000 6.00.6001.18000 C:\Windows\system32\NSI.dll
    0x76170000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
    0x75c30000 0x11000 6.00.6002.18005 C:\Windows\system32\SAMLIB.dll
    0x76470000 0x145000 6.00.6002.18277 C:\Windows\system32\ole32.dll
    0x77c00000 0x1e000 6.00.6002.18005 C:\Windows\system32\IMM32.DLL
    0x768d0000 0xc8000 6.00.6002.18005 C:\Windows\system32\MSCTF.dll
    0x766d0000 0x9000 6.00.6002.18051 C:\Windows\system32\LPK.DLL
    0x77c20000 0x7d000 1.626.6002.18244 C:\Windows\system32\USP10.dll
    0x74ad0000 0x11000 6.00.6001.18000 c:\windows\system32\mmcss.dll
    0x74b00000 0x7000 6.00.6001.18000 c:\windows\system32\AVRT.dll
    0x74620000 0x29000 6.00.6002.18005 c:\windows\system32\profsvc.dll
    0x75cb0000 0x7000 6.00.6000.16386 c:\windows\system32\SYSNTFY.dll
    0x76030000 0x1e000 6.00.6002.18005 c:\windows\system32\USERENV.dll
    0x76010000 0x14000 6.00.6002.18051 c:\windows\system32\Secur32.dll
    0x74af0000 0xf000 6.00.6001.18000 c:\windows\system32\nlaapi.dll
    0x75a10000 0x19000 6.00.6002.18005 c:\windows\system32\IPHLPAPI.DLL
    0x759d0000 0x35000 6.00.6002.18005 c:\windows\system32\dhcpcsvc.DLL
    0x75c50000 0x2c000 6.00.6002.18005 c:\windows\system32\DNSAPI.dll
    0x759c0000 0x7000 6.00.6001.18000 c:\windows\system32\WINNSI.DLL
    0x75990000 0x22000 6.00.6002.18005 c:\windows\system32\dhcpcsvc6.DLL
    0x74a90000 0x14000 3.05.2284.0002 c:\windows\system32\ATL.DLL
    0x745a0000 0x3e000 6.00.6002.18005 c:\windows\system32\shsvcs.dll
    0x75560000 0x25000 6.00.6001.18000 C:\Windows\system32\WINSTA.dll
    0x75080000 0x3f000 6.00.6001.18000 C:\Windows\system32\UxTheme.dll
    0x75520000 0x3b000 6.00.6002.18005 C:\Windows\system32\rsaenh.dll
    0x74610000 0xe000 6.00.6001.18000 c:\windows\system32\sens.dll
    0x75450000 0xa000 6.00.6001.18000 c:\windows\system32\WTSAPI32.dll
    0x744b0000 0x10000 6.00.6001.18000 c:\windows\system32\eapsvc.dll
    0x742e0000 0x30000 6.00.6002.18005 C:\Windows\system32\eapphost.dll
    0x76ae0000 0x8d000 6.00.6002.18005 C:\Windows\system32\OLEAUT32.dll
    0x77ca0000 0x84000 2001.12.6931.18000 C:\Windows\system32\CLBCatQ.DLL
    0x742b0000 0xf000 6.00.6001.18000 C:\Windows\system32\umb.dll
    0x766e0000 0x18a000 6.00.6002.18005 C:\Windows\system32\SETUPAPI.dll
    0x75240000 0x2d000 6.00.6002.18169 C:\Windows\system32\WINTRUST.dll
    0x75ab0000 0xf2000 6.00.6002.18005 C:\Windows\system32\CRYPT32.dll
    0x75c10000 0x12000 6.00.6002.18106 C:\Windows\system32\MSASN1.dll
    0x763f0000 0x29000 6.00.6001.18000 C:\Windows\system32\imagehlp.dll
    0x73880000 0x85000 5.82.6002.18305 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll
    0x737e0000 0x94000 6.00.6002.18005 c:\windows\system32\schedsvc.dll
    0x76870000 0x59000 6.00.6002.18005 C:\Windows\system32\SHLWAPI.dll
    0x75a30000 0x40000 6.00.6002.18005 c:\windows\system32\wevtapi.dll
    0x75ff0000 0x16000 6.00.6002.18005 c:\windows\system32\AUTHZ.dll
    0x74110000 0x7000 6.00.6001.18000 c:\windows\system32\ktmw32.dll
    0x74e20000 0x19e000 6.10.6002.18305 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    0x758e0000 0x7000 6.00.6001.18000 C:\Windows\system32\credssp.dll
    0x755c0000 0x46000 6.00.6002.18290 C:\Windows\system32\schannel.dll
    0x75d40000 0x76000 6.00.6002.18005 C:\Windows\system32\NETAPI32.dll
    0x74070000 0x44000 6.00.6002.18005 C:\Windows\system32\taskcomp.dll
    0x75840000 0x8000 6.00.6002.18005 C:\Windows\system32\VERSION.dll
    0x757d0000 0x3b000 6.00.6002.18005 C:\Windows\system32\mswsock.dll
    0x75460000 0x5000 6.00.6001.18000 C:\Windows\System32\wshtcpip.dll
    0x75830000 0x5000 6.00.6001.18000 C:\Windows\System32\wship6.dll
    0x74100000 0xb000 6.00.6001.18000 C:\Windows\system32\wiarpc.dll
    0x74710000 0xbb000 7.00.6002.18005 C:\Windows\system32\PROPSYS.dll
    0x75f50000 0x5f000 6.00.6001.18000 C:\Windows\system32\SXS.DLL
    0x75fb0000 0x2c000 6.00.6002.18005 C:\Windows\system32\apphelp.dll
    0x732b0000 0x9000 6.00.6000.16386 C:\Windows\system32\tschannel.dll
    0x72630000 0x22000 6.00.6002.18306 c:\windows\system32\srvsvc.dll
    0x75a70000 0x3a000 6.00.6002.18005 c:\windows\system32\slc.dll
    0x75440000 0x6000 6.00.6000.16386 C:\Windows\system32\SSCORE.DLL
    0x75390000 0x66000 6.00.6001.18000 C:\Windows\system32\FirewallAPI.DLL
    0x750d0000 0x2e000 6.00.6001.18000 C:\Windows\system32\CLUSAPI.DLL
    0x75bf0000 0x18000 6.00.6001.18000 C:\Windows\system32\NTDSAPI.dll
    0x75c90000 0x11000 6.00.6001.18000 C:\Windows\system32\cryptdll.dll
    0x75010000 0x35000 6.00.6001.18000 C:\Windows\system32\ACTIVEDS.dll
    0x74bf0000 0x33000 6.00.6002.18005 C:\Windows\system32\adsldpc.dll
    0x72460000 0x2e000 6.00.6002.18005 C:\Windows\system32\credui.dll
    0x76fc0000 0xb10000 6.00.6002.18287 C:\Windows\system32\SHELL32.dll
    0x75370000 0x13000 6.00.6001.18000 C:\Windows\system32\RESUTILS.DLL
    0x74ff0000 0x9000 6.00.6000.16386 c:\windows\system32\aelupsvc.dll
    0x713e0000 0x6f000 6.00.6002.18005 c:\windows\system32\ikeext.dll
    0x72de0000 0x96000 6.00.6002.18005 c:\windows\system32\fwpuclnt.dll
    0x75940000 0x35000 6.00.6002.18005 C:\Windows\system32\ncrypt.dll
    0x758f0000 0x45000 6.00.6002.18005 C:\Windows\system32\BCRYPT.dll
    0x704a0000 0x8000 6.00.6001.18000 c:\windows\system32\seclogon.dll
    0x6f9f0000 0x2a000 6.00.6002.18005 c:\windows\system32\wbem\wmisvc.dll
    0x6f5f0000 0x5b000 6.00.6001.18000 C:\Windows\system32\wbemcomn.dll
    0x6efb0000 0x43000 6.00.6002.18005 c:\windows\system32\rasmans.dll
    0x71500000 0xc000 6.00.6002.18274 c:\windows\system32\rtutils.dll
    0x6f030000 0x14000 6.00.6002.18005 C:\Windows\system32\rastapi.dll
    0x70d00000 0x31000 6.00.6000.16386 C:\Windows\system32\TAPI32.dll
    0x74ba0000 0x32000 6.00.6002.18005 C:\Windows\system32\WINMM.dll
    0x74b60000 0x3d000 7.00.6002.18155 C:\Windows\system32\OLEACC.dll
    0x6e310000 0x34000 6.00.6002.18209 c:\windows\system32\iphlpsvc.dll
    0x6f000000 0x23000 6.00.6001.18000 c:\windows\system32\sqmapi.dll
    0x74ab0000 0x15000 6.00.6001.18000 C:\Windows\system32\Cabinet.dll
    0x6de30000 0x4a000 6.00.6001.18000 C:\Windows\system32\hnetcfg.dll
    0x754e0000 0x15000 6.00.6002.18005 C:\Windows\system32\GPAPI.dll
    0x72820000 0x60000 6.00.6002.18096 C:\Windows\system32\WINHTTP.dll
    0x70f50000 0x10b000 6.00.6002.18005 C:\Windows\system32\VSSAPI.DLL
    0x74b40000 0x14000 6.00.6001.18000 C:\Windows\system32\vsstrace.dll
    0x75100000 0x2f000 1.02.1009.0000 C:\Windows\system32\XmlLite.dll
    0x75bb0000 0x14000 6.00.6002.18005 C:\Windows\system32\MPR.dll
    0x6dcb0000 0xb9000 6.00.6002.18005 C:\Windows\system32\wbem\wbemcore.dll
    0x6dde0000 0x43000 6.00.6002.18005 C:\Windows\system32\wbem\esscli.dll
    0x6dc10000 0x99000 6.00.6002.18005 C:\Windows\system32\wbem\FastProx.dll
    0x6ef80000 0x10000 6.00.6002.18005 C:\Windows\system32\wbem\wbemsvc.dll
    0x6dda0000 0x17000 6.00.6002.18005 C:\Windows\system32\wbem\wmiutils.dll
    0x6db70000 0x44000 6.00.6002.18005 C:\Windows\system32\wbem\repdrvfs.dll
    0x6dad0000 0x43000 6.00.6002.18005 C:\Windows\system32\rasppp.dll
    0x6dab0000 0x1a000 6.00.6002.18005 C:\Windows\system32\MPRAPI.dll
    0x70db0000 0x4a000 6.00.6002.18005 C:\Windows\system32\RASAPI32.dll
    0x70d40000 0x14000 6.00.6001.18000 C:\Windows\system32\rasman.dll
    0x75850000 0x7e000 6.00.6002.18051 C:\Windows\system32\kerberos.dll
    0x6da90000 0x14000 6.00.6001.18000 C:\Windows\system32\RASQEC.DLL
    0x715b0000 0x17000 6.00.6001.18000 C:\Windows\system32\QUtil.dll
    0x6d860000 0x47000 6.00.6002.18005 C:\Windows\System32\raschap.dll
    0x6da10000 0x3e000 6.00.6002.18116 C:\Windows\System32\rastls.dll
    0x6d770000 0xf0000 6.00.6002.18005 C:\Windows\system32\CRYPTUI.dll
    0x75470000 0x5000 6.00.6000.16386 C:\Windows\system32\MSIMG32.dll
    0x75220000 0x1f000 6.00.6002.18005 C:\Windows\system32\WinSCard.dll
    0x6d5d0000 0x7d000 6.00.6002.18005 C:\Windows\system32\wbem\wmiprvsd.dll
    0x75fe0000 0xf000 6.00.6001.18000 C:\Windows\system32\NCObjAPI.DLL
    0x6d570000 0x57000 6.00.6002.18005 C:\Windows\system32\wbem\wbemess.dll
    0x75790000 0x38000 6.00.6002.18111 C:\Windows\system32\msv1_0.dll
    0x6c810000 0xb000 6.00.6001.18000 c:\windows\system32\appinfo.dll
    0x6c7e0000 0x10000 6.00.6002.18005 C:\Windows\system32\wbem\ncprov.dll
    0x6afa0000 0x1bf000 7.00.6002.18005 c:\windows\system32\qmgr.dll
    0x6fc30000 0x5000 6.00.6000.16386 c:\windows\system32\SHFOLDER.dll
    0x6d750000 0x8000 7.00.6000.16386 c:\windows\system32\bitsperf.dll
    0x6d760000 0xb000 7.00.6002.18005 C:\Windows\system32\bitsigd.dll
    0x6c940000 0x33000 6.00.6001.18000 C:\Windows\system32\upnp.dll
    0x70bc0000 0xc000 6.00.6000.16386 C:\Windows\system32\SSDPAPI.dll
    0x6a540000 0x1d9000 7.04.7600.0226 c:\windows\system32\wuaueng.dll
    0x6d400000 0x168000 6.00.6002.18005 c:\windows\system32\ESENT.dll
    0x715d0000 0x42000 6.00.6002.18087 c:\windows\system32\WINSPOOL.DRV
    0x6d740000 0xc000 6.00.6001.18000 c:\windows\system32\mspatcha.dll
    0x75c80000 0x6000 6.00.6000.16386 C:\Windows\system32\WMsgAPI.dll
    0x6f1e0000 0xd9000 6.00.6002.18005 C:\Windows\system32\wer.dll
    0x70bd0000 0x6000 6.00.6000.16386 C:\Windows\system32\SensApi.dll
    0x70a80000 0x136000 8.100.5003.0000 C:\Windows\System32\msxml3.dll
    0x70020000 0xf000 6.00.6001.18000 C:\Windows\system32\napinsp.dll
    0x6fc60000 0x12000 6.00.6001.18000 C:\Windows\system32\pnrpnsp.dll
    0x70010000 0x8000 6.00.6002.18005 C:\Windows\System32\winrnr.dll
    0x6fc00000 0x25000 2.00.0002.0000 C:\Program Files\Bonjour\mdnsNSP.dll
    0x73170000 0x6000 6.00.6000.16386 C:\Windows\system32\rasadhlp.dll
    0x6da60000 0x26000 6.00.6001.18000 C:\Windows\system32\dssenh.dll
    0x6c510000 0x2e000 8.00.6001.18702 C:\Windows\system32\advpack.dll
    0x71620000 0x227000 4.05.6002.18005 C:\Windows\system32\msi.dll
    0x74460000 0x46000 2001.12.6932.18005 C:\Windows\System32\ES.DLL
    0x74050000 0xa000 7.04.7600.0226 C:\Windows\System32\wups.dll
    0x76c90000 0x133000 8.00.6001.18975 C:\Windows\system32\urlmon.dll
    0x76dd0000 0x1e8000 8.00.6001.18975 C:\Windows\system32\iertutil.dll
    0x769f0000 0xe6000 8.00.6001.18975 C:\Windows\system32\WININET.dll
    0x76180000 0x3000 6.00.6000.16386 C:\Windows\system32\Normaliz.dll
    0x73f00000 0x16000 6.00.6001.18000 c:\windows\system32\browser.dll
    ------------------------------------------------------------------------------
    svchost.exe pid: 1392
    Command line: C:\Windows\system32\svchost.exe -k GPSvcGroup
    Base Size Version Path
    0x00500000 0x8000 6.00.6001.18000 C:\Windows\system32\svchost.exe
    0x77ad0000 0x127000 6.00.6002.18005 C:\Windows\system32\ntdll.dll
    0x765c0000 0xdc000 6.00.6002.18005 C:\Windows\system32\kernel32.dll
    0x76340000 0xaa000 7.00.6002.18005 C:\Windows\system32\msvcrt.dll
    0x76260000 0xc6000 6.00.6002.18005 C:\Windows\system32\ADVAPI32.dll
    0x76190000 0xc3000 6.00.6002.18024 C:\Windows\system32\RPCRT4.dll
    0x75480000 0x21000 6.00.6002.18005 C:\Windows\system32\NTMARTA.DLL
    0x76bf0000 0x9d000 6.00.6002.18005 C:\Windows\system32\USER32.dll
    0x76420000 0x4b000 6.00.6002.18005 C:\Windows\system32\GDI32.dll
    0x769a0000 0x49000 6.00.6002.18005 C:\Windows\system32\WLDAP32.dll
    0x766a0000 0x2d000 6.00.6001.18000 C:\Windows\system32\WS2_32.dll
    0x76330000 0x6000 6.00.6001.18000 C:\Windows\system32\NSI.dll
    0x76170000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
    0x75c30000 0x11000 6.00.6002.18005 C:\Windows\system32\SAMLIB.dll
    0x76470000 0x145000 6.00.6002.18277 C:\Windows\system32\ole32.dll
    0x77c00000 0x1e000 6.00.6002.18005 C:\Windows\system32\IMM32.DLL
    0x768d0000 0xc8000 6.00.6002.18005 C:\Windows\system32\MSCTF.dll
    0x766d0000 0x9000 6.00.6002.18051 C:\Windows\system32\LPK.DLL
    0x77c20000 0x7d000 1.626.6002.18244 C:\Windows\system32\USP10.dll
    0x74500000 0x8f000 6.00.6002.18005 c:\windows\system32\gpsvc.dll
    0x76010000 0x14000 6.00.6002.18051 c:\windows\system32\Secur32.dll
    0x75d40000 0x76000 6.00.6002.18005 c:\windows\system32\NETAPI32.dll
    0x75bf0000 0x18000 6.00.6001.18000 c:\windows\system32\NTDSAPI.dll
    0x75c50000 0x2c000 6.00.6002.18005 c:\windows\system32\DNSAPI.dll
    0x75450000 0xa000 6.00.6001.18000 c:\windows\system32\WTSAPI32.dll
    0x76ae0000 0x8d000 6.00.6002.18005 C:\Windows\system32\OLEAUT32.dll
    0x76030000 0x1e000 6.00.6002.18005 c:\windows\system32\USERENV.dll
    0x754e0000 0x15000 6.00.6002.18005 c:\windows\system32\GPAPI.dll
    0x75a70000 0x3a000 6.00.6002.18005 c:\windows\system32\slc.dll
    0x75ff0000 0x16000 6.00.6002.18005 c:\windows\system32\AUTHZ.dll
    0x75cb0000 0x7000 6.00.6000.16386 c:\windows\system32\SYSNTFY.dll
    0x75560000 0x25000 6.00.6001.18000 c:\windows\system32\WINSTA.dll
    0x74af0000 0xf000 6.00.6001.18000 c:\windows\system32\nlaapi.dll
    0x75a10000 0x19000 6.00.6002.18005 c:\windows\system32\IPHLPAPI.DLL
    0x759d0000 0x35000 6.00.6002.18005 c:\windows\system32\dhcpcsvc.DLL
    0x759c0000 0x7000 6.00.6001.18000 c:\windows\system32\WINNSI.DLL
    0x75990000 0x22000 6.00.6002.18005 c:\windows\system32\dhcpcsvc6.DLL
    ------------------------------------------------------------------------------
    svchost.exe pid: 1436
    Command line: C:\Windows\system32\svchost.exe -k LocalService
    Base Size Version Path
    0x00500000 0x8000 6.00.6001.18000 C:\Windows\system32\svchost.exe
    0x77ad0000 0x127000 6.00.6002.18005 C:\Windows\system32\ntdll.dll
    0x765c0000 0xdc000 6.00.6002.18005 C:\Windows\system32\kernel32.dll
    0x76340000 0xaa000 7.00.6002.18005 C:\Windows\system32\msvcrt.dll
    0x76260000 0xc6000 6.00.6002.18005 C:\Windows\system32\ADVAPI32.dll
    0x76190000 0xc3000 6.00.6002.18024 C:\Windows\system32\RPCRT4.dll
    0x75480000 0x21000 6.00.6002.18005 C:\Windows\system32\NTMARTA.DLL
    0x76bf0000 0x9d000 6.00.6002.18005 C:\Windows\system32\USER32.dll
    0x76420000 0x4b000 6.00.6002.18005 C:\Windows\system32\GDI32.dll
    0x769a0000 0x49000 6.00.6002.18005 C:\Windows\system32\WLDAP32.dll
    0x766a0000 0x2d000 6.00.6001.18000 C:\Windows\system32\WS2_32.dll
    0x76330000 0x6000 6.00.6001.18000 C:\Windows\system32\NSI.dll
    0x76170000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
    0x75c30000 0x11000 6.00.6002.18005 C:\Windows\system32\SAMLIB.dll
    0x76470000 0x145000 6.00.6002.18277 C:\Windows\system32\ole32.dll
    0x77c00000 0x1e000 6.00.6002.18005 C:\Windows\system32\IMM32.DLL
    0x768d0000 0xc8000 6.00.6002.18005 C:\Windows\system32\MSCTF.dll
    0x766d0000 0x9000 6.00.6002.18051 C:\Windows\system32\LPK.DLL
    0x77c20000 0x7d000 1.626.6002.18244 C:\Windows\system32\USP10.dll
    0x74460000 0x46000 2001.12.6932.18005 c:\windows\system32\es.dll
    0x76ae0000 0x8d000 6.00.6002.18005 C:\Windows\system32\OLEAUT32.dll
    0x74710000 0xbb000 7.00.6002.18005 c:\windows\system32\PROPSYS.dll
    0x75520000 0x3b000 6.00.6002.18005 C:\Windows\system32\rsaenh.dll
    0x77ca0000 0x84000 2001.12.6931.18000 C:\Windows\system32\CLBCatQ.DLL
    0x74590000 0x8000 6.00.6001.18000 c:\windows\system32\nsisvc.dll
    0x76010000 0x14000 6.00.6002.18051 C:\Windows\system32\secur32.dll
    0x75ab0000 0xf2000 6.00.6002.18005 C:\Windows\system32\CRYPT32.dll
    0x75c10000 0x12000 6.00.6002.18106 C:\Windows\system32\MSASN1.dll
    0x76030000 0x1e000 6.00.6002.18005 C:\Windows\system32\USERENV.dll
    0x758e0000 0x7000 6.00.6001.18000 C:\Windows\system32\credssp.dll
    0x755c0000 0x46000 6.00.6002.18290 C:\Windows\system32\schannel.dll
    0x75d40000 0x76000 6.00.6002.18005 C:\Windows\system32\NETAPI32.dll
    0x72880000 0x34000 6.00.6002.18005 c:\windows\system32\webclnt.dll
    0x72820000 0x60000 6.00.6002.18096 c:\windows\system32\WINHTTP.dll
    0x76870000 0x59000 6.00.6002.18005 C:\Windows\system32\SHLWAPI.dll
    0x76c90000 0x133000 8.00.6001.18975 C:\Windows\system32\urlmon.dll
    0x76dd0000 0x1e8000 8.00.6001.18975 C:\Windows\system32\iertutil.dll
    0x74e20000 0x19e000 6.10.6002.18305 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    0x76fc0000 0xb10000 6.00.6002.18287 C:\Windows\system32\shell32.dll
    0x769f0000 0xe6000 8.00.6001.18975 C:\Windows\system32\WinInet.dll
    0x76180000 0x3000 6.00.6000.16386 C:\Windows\system32\Normaliz.dll
    0x72770000 0x2a000 6.00.6002.18049 c:\windows\system32\wkssvc.dll
    0x75a10000 0x19000 6.00.6002.18005 c:\windows\system32\IPHLPAPI.DLL
    0x759d0000 0x35000 6.00.6002.18005 c:\windows\system32\dhcpcsvc.DLL
    0x75c50000 0x2c000 6.00.6002.18005 c:\windows\system32\DNSAPI.dll
    0x759c0000 0x7000 6.00.6001.18000 c:\windows\system32\WINNSI.DLL
    0x75990000 0x22000 6.00.6002.18005 c:\windows\system32\dhcpcsvc6.DLL
    0x75bf0000 0x18000 6.00.6001.18000 c:\windows\system32\NTDSAPI.dll
    0x75610000 0xd7000 6.00.6000.16386 c:\windows\system32\WINBRAND.dll
    0x715a0000 0x9000 6.00.6000.16386 c:\windows\system32\fdrespub.dll
    0x70ec0000 0x59000 6.00.6002.18085 c:\windows\system32\wsdapi.dll
    0x72810000 0xb000 6.00.6002.18210 c:\windows\system32\HTTPAPI.dll
    0x75240000 0x2d000 6.00.6002.18169 c:\windows\system32\WINTRUST.dll
    0x763f0000 0x29000 6.00.6001.18000 C:\Windows\system32\imagehlp.dll
    0x75100000 0x2f000 1.02.1009.0000 c:\windows\system32\XmlLite.dll
    0x75390000 0x66000 6.00.6001.18000 c:\windows\system32\FirewallAPI.dll
    0x75840000 0x8000 6.00.6002.18005 c:\windows\system32\VERSION.dll
    0x70e90000 0x28000 6.00.6002.18005 C:\Windows\system32\FunDisc.dll
    0x74a90000 0x14000 3.05.2284.0002 C:\Windows\system32\ATL.DLL
    0x766e0000 0x18a000 6.00.6002.18005 C:\Windows\system32\SETUPAPI.dll
    0x757d0000 0x3b000 6.00.6002.18005 C:\Windows\system32\mswsock.dll
    0x75460000 0x5000 6.00.6001.18000 C:\Windows\System32\wshtcpip.dll
    0x75830000 0x5000 6.00.6001.18000 C:\Windows\System32\wship6.dll
    0x70a80000 0x136000 8.100.5003.0000 C:\Windows\System32\msxml3.dll
    0x75f50000 0x5f000 6.00.6001.18000 C:\Windows\system32\SXS.DLL
    0x6ffa0000 0x25000 6.00.6001.18000 c:\windows\system32\sstpsvc.dll
    0x71500000 0xc000 6.00.6002.18274 c:\windows\system32\rtutils.dll
    0x6f680000 0x48000 6.00.6002.18005 c:\windows\system32\w32time.dll
    0x75c90000 0x11000 6.00.6001.18000 c:\windows\system32\cryptdll.dll
    0x754e0000 0x15000 6.00.6002.18005 C:\Windows\system32\GPAPI.dll
    0x75a70000 0x3a000 6.00.6002.18005 C:\Windows\system32\slc.dll
    0x6e3e0000 0x3c000 6.00.6001.18000 c:\windows\system32\netprofm.dll
    0x74af0000 0xf000 6.00.6001.18000 c:\windows\system32\nlaapi.dll
    0x6f5e0000 0x8000 6.00.6000.16386 C:\Windows\System32\npmproxy.dll
    0x70020000 0xf000 6.00.6001.18000 C:\Windows\system32\napinsp.dll
    0x6fc60000 0x12000 6.00.6001.18000 C:\Windows\system32\pnrpnsp.dll
    0x70010000 0x8000 6.00.6002.18005 C:\Windows\System32\winrnr.dll
    0x6fc00000 0x25000 2.00.0002.0000 C:\Program Files\Bonjour\mdnsNSP.dll
    0x73170000 0x6000 6.00.6000.16386 C:\Windows\system32\rasadhlp.dll
    0x6c910000 0x28000 6.00.6001.18000 c:\windows\system32\ssdpsrv.dll
    0x74040000 0x6000 6.00.6001.18000 c:\windows\system32\fdphost.dll
    0x73b60000 0x12000 6.00.6002.18005 C:\Windows\system32\fdwsd.dll
    0x75130000 0x30000 6.00.6001.18000 C:\Windows\system32\MLANG.dll
    0x73b40000 0x12000 6.00.6002.18005 C:\Windows\system32\fdssdp.dll
    0x70bc0000 0xc000 6.00.6000.16386 C:\Windows\system32\SSDPAPI.dll
    0x74b20000 0xa000 6.00.6002.18005 C:\Windows\system32\fdproxy.dll
    ------------------------------------------------------------------------------
    svchost.exe pid: 1656
    Command line: C:\Windows\system32\svchost.exe -k NetworkService
    Base Size Version Path
    0x00500000 0x8000 6.00.6001.18000 C:\Windows\system32\svchost.exe
    0x77ad0000 0x127000 6.00.6002.18005 C:\Windows\system32\ntdll.dll
    0x765c0000 0xdc000 6.00.6002.18005 C:\Windows\system32\kernel32.dll
    0x76340000 0xaa000 7.00.6002.18005 C:\Windows\system32\msvcrt.dll
    0x76260000 0xc6000 6.00.6002.18005 C:\Windows\system32\ADVAPI32.dll
    0x76190000 0xc3000 6.00.6002.18024 C:\Windows\system32\RPCRT4.dll
    0x75480000 0x21000 6.00.6002.18005 C:\Windows\system32\NTMARTA.DLL
    0x76bf0000 0x9d000 6.00.6002.18005 C:\Windows\system32\USER32.dll
    0x76420000 0x4b000 6.00.6002.18005 C:\Windows\system32\GDI32.dll
    0x769a0000 0x49000 6.00.6002.18005 C:\Windows\system32\WLDAP32.dll
    0x766a0000 0x2d000 6.00.6001.18000 C:\Windows\system32\WS2_32.dll
    0x76330000 0x6000 6.00.6001.18000 C:\Windows\system32\NSI.dll
    0x76170000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
    0x75c30000 0x11000 6.00.6002.18005 C:\Windows\system32\SAMLIB.dll
    0x76470000 0x145000 6.00.6002.18277 C:\Windows\system32\ole32.dll
    0x77c00000 0x1e000 6.00.6002.18005 C:\Windows\system32\IMM32.DLL
    0x768d0000 0xc8000 6.00.6002.18005 C:\Windows\system32\MSCTF.dll
    0x766d0000 0x9000 6.00.6002.18051 C:\Windows\system32\LPK.DLL
    0x77c20000 0x7d000 1.626.6002.18244 C:\Windows\system32\USP10.dll
    0x74310000 0x18000 6.00.6002.18005 c:\windows\system32\dnsrslvr.dll
    0x75c50000 0x2c000 6.00.6002.18005 c:\windows\system32\DNSAPI.dll
    0x759d0000 0x35000 6.00.6002.18005 c:\windows\system32\dhcpcsvc.DLL
    0x76010000 0x14000 6.00.6002.18051 c:\windows\system32\Secur32.dll
    0x759c0000 0x7000 6.00.6001.18000 c:\windows\system32\WINNSI.DLL
    0x75990000 0x22000 6.00.6002.18005 c:\windows\system32\dhcpcsvc6.DLL
    0x75a10000 0x19000 6.00.6002.18005 c:\windows\system32\IPHLPAPI.DLL
    0x757d0000 0x3b000 6.00.6002.18005 C:\Windows\system32\mswsock.dll
    0x75830000 0x5000 6.00.6001.18000 C:\Windows\System32\wship6.dll
    0x75460000 0x5000 6.00.6001.18000 C:\Windows\System32\wshtcpip.dll
    0x71060000 0x22000 6.00.6002.18005 c:\windows\system32\cryptsvc.dll
    0x76ae0000 0x8d000 6.00.6002.18005 C:\Windows\system32\OLEAUT32.dll
    0x70f50000 0x10b000 6.00.6002.18005 c:\windows\system32\VSSAPI.DLL
    0x74a90000 0x14000 3.05.2284.0002 c:\windows\system32\ATL.DLL
    0x74b40000 0x14000 6.00.6001.18000 c:\windows\system32\vsstrace.dll
    0x75ff0000 0x16000 6.00.6002.18005 c:\windows\system32\AUTHZ.dll
    0x75100000 0x2f000 1.02.1009.0000 c:\windows\system32\XmlLite.dll
    0x75d40000 0x76000 6.00.6002.18005 c:\windows\system32\NETAPI32.dll
    0x75bb0000 0x14000 6.00.6002.18005 c:\windows\system32\MPR.dll
    0x766e0000 0x18a000 6.00.6002.18005 C:\Windows\system32\SETUPAPI.dll
    0x75ab0000 0xf2000 6.00.6002.18005 c:\windows\system32\CRYPT32.dll
    0x75c10000 0x12000 6.00.6002.18106 c:\windows\system32\MSASN1.dll
    0x76030000 0x1e000 6.00.6002.18005 c:\windows\system32\USERENV.dll
    0x70e60000 0x2b000 6.00.6001.18000 c:\windows\system32\nlasvc.dll
    0x75a30000 0x40000 6.00.6002.18005 c:\windows\system32\wevtapi.dll
    0x70be0000 0x1a000 6.00.6001.18000 c:\windows\system32\ncsi.dll
    0x72820000 0x60000 6.00.6002.18096 c:\windows\system32\WINHTTP.dll
    0x76870000 0x59000 6.00.6002.18005 C:\Windows\system32\SHLWAPI.dll
    0x75450000 0xa000 6.00.6001.18000 c:\windows\system32\WTSAPI32.dll
    0x758f0000 0x45000 6.00.6002.18005 c:\windows\system32\bcrypt.dll
    0x70ca0000 0x8000 6.00.6001.18000 c:\windows\system32\CFGMGR32.dll
    0x74e20000 0x19e000 6.10.6002.18305 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    0x75520000 0x3b000 6.00.6002.18005 C:\Windows\system32\rsaenh.dll
    0x758e0000 0x7000 6.00.6001.18000 C:\Windows\system32\credssp.dll
    0x755c0000 0x46000 6.00.6002.18290 C:\Windows\system32\schannel.dll
    0x70bc0000 0xc000 6.00.6000.16386 C:\Windows\system32\ssdpapi.dll
    0x77ca0000 0x84000 2001.12.6931.18000 C:\Windows\system32\CLBCatQ.DLL
    0x74460000 0x46000 2001.12.6932.18005 C:\Windows\system32\es.dll
    0x74710000 0xbb000 7.00.6002.18005 C:\Windows\system32\PROPSYS.dll
    0x75560000 0x25000 6.00.6001.18000 C:\Windows\system32\WINSTA.dll
    0x6fa60000 0x3d000 6.00.6002.18005 c:\windows\system32\tapisrv.dll
    0x75010000 0x35000 6.00.6001.18000 c:\windows\system32\ACTIVEDS.dll
    0x74bf0000 0x33000 6.00.6002.18005 c:\windows\system32\adsldpc.dll
    0x72460000 0x2e000 6.00.6002.18005 c:\windows\system32\credui.dll
    0x76fc0000 0xb10000 6.00.6002.18287 C:\Windows\system32\SHELL32.dll
    0x71500000 0xc000 6.00.6002.18274 c:\windows\system32\rtutils.dll
    0x74ba0000 0x32000 6.00.6002.18005 c:\windows\system32\WINMM.dll
    0x74b60000 0x3d000 7.00.6002.18155 c:\windows\system32\OLEACC.dll
    0x6f2c0000 0x71000 6.00.6002.18005 c:\windows\system32\termsrv.dll
    0x70330000 0x7000 6.00.6001.18000 c:\windows\system32\ICAAPI.dll
    0x75240000 0x2d000 6.00.6002.18169 c:\windows\system32\WINTRUST.dll
    0x763f0000 0x29000 6.00.6001.18000 C:\Windows\system32\imagehlp.dll
    0x6de80000 0x48000 6.00.6002.18005 C:\Windows\system32\unimdm.tsp
    0x6dd90000 0x7000 6.00.6000.16386 C:\Windows\system32\uniplat.dll
    0x6dbf0000 0x11000 6.00.6000.16386 C:\Windows\system32\unimdmat.dll
    0x75840000 0x8000 6.00.6002.18005 C:\Windows\system32\VERSION.dll
    0x6db20000 0x4a000
    0
  16. Pnlop
     
    Qu'est ce qu'il a mon ordi à ton avis benurrr???¨Ça l'air puissant cette nuissance!!!
    0
  17. Pnlop
     
    contact at www.sur-la-toile.com
    mail: tigzy44<at>hotmail<dot>fr
    Remontées: https://www.luanagames.com/index.fr.html

    Operating System: Windows Vista (6.0.6002 Service Pack 2) version 32 bits
    Mode: Scan -- Time : 11/11/2010 02:31:30

    Bad processes:

    Found:

    Finished
    0
    1. Pnlop
       
      Ya pas trouver grand chose on dirait!
      0
  18. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    salut pourquoi rogue killer ?

    Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
    mais cette fois-ci :

    choisis l'option CLEAN

    laisse travailler l'outil.

    en fin de scan la fenêtre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau
    0
  19. Pnlop
     
    ¤¤ Kill'em by g3n-h@ckm@n 2.1.2.0 ¤¤¤¤¤¤¤¤¤¤

    User : Utilisateur (Administrateurs)
    Update on 11/11/2010 by g3n-h@ckm@n ::::: 13.00
    Start at: 07:46:37 | 2010-11-11

    Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
    Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
    Internet Explorer 8.0.6001.18975
    Windows Firewall Status : Disabled

    C:\ -> Disque fixe local | 216,88 Go (139,33 Go free) | NTFS
    D:\ -> Disque CD-ROM
    Q:\ -> Disque fixe local

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    ¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤

    127.0.0.1 localhost

    ¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    Local Page = C:\WINDOWS\system32\blank.htm
    Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page = https://www.google.com/?gws_rd=ssl
    Local Page = C:\WINDOWS\system32\blank.htm
    Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    ¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    cval = 1 (0x1)
    FirewallDisableNotify = 0 (0x0)
    AntiVirusDisableNotify = 0 (0x0)
    UpdatesDisableNotify = 0 (0x0)
    FirstRunDisabled = 1 (0x1)
    AntiVirusOverride = 0 (0x0)
    FirewallOverride = 0 (0x0)

    ¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤

    Ndisuio : Start = 3
    EapHost : Start = 2
    Wlansvc : Start = 2
    SharedAccess : Start = 2
    windefend : Start = 2
    wuauserv : Start = 2
    wscsvc : Start = 2

    ¤¤¤¤¤¤¤¤¤¤ Winlogon

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    Shell = explorer.exe
    Userinit = C:\Windows\System32\userinit.exe,

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    Disk Cleaned
    anti-ver blaster : OK
    Prefetch cleaned
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    FEATURE_BROWSER_EMULATION | svchost :
    ====================================

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
    kernel: MBR read successfully
    user & kernel MBR OK
    copy of MBR has been found in sector 62 !
    copy of MBR has been found in sector 63 !

    End of Scan : 7:47:49,85

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  20. Pnlop
     
    Bonjour!
    J'ai finalement réussis à faire malwarebytes!
    Voici le rapport:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Version de la base de données: 5097

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975

    2010-11-11 21:53:41
    mbam-log-2010-11-11 (21-53-41).txt

    Type d'examen: Examen complet (C:\|Q:\|)
    Elément(s) analysé(s): 245079
    Temps écoulé: 57 minute(s), 58 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  21. Pnlop
     
    Salut!
    J'ai désinstaller Microsoft essantials security.
    0
  • 1
  • 2