CPU running at 100% for 3 days
kfor
Hello,
My CPU has been running at 100% for more than 3 days non-stop. I've tried reboots and scans with Ad-Aware, Avast, Spybot S&D, CCleaner... and nothing changes.
Help: I don't want to lose all the photos of my children!!!
Here is my OTL log:
http://www.cijoint.fr/cjlink.php?file=cj201011/cijycHYQ87.txt
http://www.cijoint.fr/cjlink.php?file=cj201011/cijGOX3RBT.txt
Many thanks in advance!
2 replies
Hi:
DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT!!!!! (because the tool is wrongly detected as an infection, since it contains a module used to stop processes and another used to take rights in the registry in order to perform deletions)
- Download here:
http://sd-4.archive-host.com/membres/up/829108531491024/Mes_Tools/List_Killem_Install.exe
and save it to your desktop
if you have XP => double-click
if you have Vista or Windows 7 => right-click "Run as...."
on the shortcut on your desktop to start the installation
Leave checked:
- Run List_Kill'em
once it has finished, click "Finish" and the program will start by itself
It will begin by downloading and installing its updates, then show you its menu
choose the Search option
- let the tool work
a dialog box may open; in that case click "OK" or "Agree"
when the white window appears, it takes a while, which is normal: it is an additional search for hidden files, the program is not frozen.
- Post the contents of the report that opens when the scan reaches 100%, at the "COMPLETED" screen
- DO NOT POST IT ON THE FORUM
To send it to me, click this link: http://www.cijoint.fr/
- Click Browse and look for the file C:\List'em.txt
- Click Open.
- Click "Cliquez ici pour déposer le fichier" ("Click here to upload the file").
A link of this form:
http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt
is added to the page.
- Copy this link into your reply.
- Do the same with more.txt, which is on your desktop
Good evening,
I have disabled Zone Alarm and Avast.
The ci-joint.fr site isn't working, so I'm putting a copy of the files here.
Here are the files:
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.2.0 ¤¤¤¤¤¤¤¤¤¤
User : fnac (Administrateurs)
Update on 23/11/2010 by g3n-h@ckm@n ::::: 12.00
Start at: 21:39:35 | 25/11/2010
AMD Athlon(tm) 64 Processor 3500+
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : ZoneAlarm Antivirus 7.0.483.000 [ (!) Disabled | (!) Outdated ]
AV : avast! Antivirus 5.0.83886757 [ (!) Disabled | Updated ]
FW : ZoneAlarm Firewall[ (!) Disabled ]7.0.483.000
C:\ -> Disque fixe local | 71,36 Go (17,57 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 71,82 Go (12,49 Go free) [ACERDATA] | FAT32
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
¤¤¤¤¤ Sessions ¤¤¤¤¤
C:\Documents and settings\fnac
Boot: Normal
¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer
C:\WINDOWS\System32\smss.exe ---- 52 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\WINDOWS\system32\csrss.exe ---- 2812 Ko ---- Normal ---- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\WINDOWS\system32\winlogon.exe ---- 4712 Ko ---- High ---- winlogon.exe ----
C:\WINDOWS\system32\services.exe ---- 2004 Ko ---- Normal ---- C:\WINDOWS\system32\services.exe ----
C:\WINDOWS\system32\lsass.exe ---- 2476 Ko ---- Normal ---- C:\WINDOWS\system32\lsass.exe ----
C:\WINDOWS\system32\svchost.exe ---- 1692 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k DcomLaunch ----
C:\WINDOWS\system32\svchost.exe ---- 1764 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k rpcss ----
C:\WINDOWS\System32\svchost.exe ---- 26164 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k netsvcs ----
C:\WINDOWS\system32\svchost.exe ---- 96 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup ----
C:\WINDOWS\system32\svchost.exe ---- 2416 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k NetworkService ----
C:\WINDOWS\system32\svchost.exe ---- 56 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ----
C:\WINDOWS\Explorer.EXE ---- 20444 Ko ---- Normal ---- C:\WINDOWS\Explorer.EXE ----
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe ---- 172 Ko ---- Normal ---- "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe" ---- Lavasoft AB
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe ---- 30852 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" ---- ALWIL Software
C:\WINDOWS\system32\spoolsv.exe ---- 1804 Ko ---- Normal ---- C:\WINDOWS\system32\spoolsv.exe ----
C:\WINDOWS\system32\svchost.exe ---- 56 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ----
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ---- 1488 Ko ---- Normal ---- "C:\Acer\Empowering Technology\ePerformance\MemCheck.exe" ----
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe ---- 156 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" ---- Apple Inc.
C:\Program Files\Bonjour\mDNSResponder.exe ---- 880 Ko ---- Normal ---- "C:\Program Files\Bonjour\mDNSResponder.exe" ---- Apple Inc.
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe ---- 56 Ko ---- Normal ---- "c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe" ----
C:\Program Files\CyberLink\Shared Files\RichVideo.exe ---- 116 Ko ---- Normal ---- "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" ----
C:\WINDOWS\system32\svchost.exe ---- 432 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ----
C:\WINDOWS\system32\svchost.exe ---- 56 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k imgsvc ----
C:\WINDOWS\system32\UTSCSI.EXE ---- 56 Ko ---- Normal ---- C:\WINDOWS\system32\UTSCSI.EXE ----
C:\WINDOWS\ehome\mcrdsvc.exe ---- 180 Ko ---- Normal ---- C:\WINDOWS\ehome\mcrdsvc.exe ----
C:\WINDOWS\system32\wscntfy.exe ---- 692 Ko ---- Normal ---- C:\WINDOWS\system32\wscntfy.exe ----
C:\WINDOWS\System32\svchost.exe ---- 216 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k HTTPFilter ----
C:\WINDOWS\ehome\ehtray.exe ---- 1808 Ko ---- Normal ---- "C:\WINDOWS\ehome\ehtray.exe" ----
C:\WINDOWS\RTHDCPL.EXE ---- 1268 Ko ---- Normal ---- "C:\WINDOWS\RTHDCPL.EXE" ----
C:\WINDOWS\system32\RUNDLL32.EXE ---- 316 Ko ---- Normal ---- "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit ----
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe ---- 60 Ko ---- Normal ---- "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" ---- Sun Microsystems, Inc.
C:\WINDOWS\system32\SysMonitor.exe ---- 696 Ko ---- Normal ---- "C:\WINDOWS\system32\SysMonitor.exe" ----
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe ---- 744 Ko ---- Normal ---- "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" 1 ----
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe ---- 460 Ko ---- Normal ---- "C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" ----
C:\Program Files\Winamp\winampa.exe ---- 416 Ko ---- Normal ---- "C:\Program Files\Winamp\winampa.exe" ----
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe ---- 696 Ko ---- Normal ---- "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" ----
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe ---- 4664 Ko ---- Normal ---- "C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe" /nogui ---- ALWIL Software
C:\WINDOWS\system32\ctfmon.exe ---- 992 Ko ---- Normal ---- "C:\WINDOWS\system32\ctfmon.exe" ----
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE ---- 320 Ko ---- Normal ---- "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" ----
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe ---- 71392 Ko ---- Idle ---- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ----
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe ---- 8636 Ko ---- Normal ---- "C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe" ----
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe ---- 1216 Ko ---- Normal ---- "C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe" ----
C:\Program Files\D-Link\DWA-131 revA\wirelesscm.exe ---- 2100 Ko ---- Normal ---- "C:\Program Files\D-Link\DWA-131 revA\wirelesscm.exe" ---- D-LINK CORPORATION
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe ---- 392 Ko ---- Normal ---- "C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe" -auto ---- Sun Microsystems, Inc.
C:\Program Files\Alwil Software\Avast5\setup\avast.setup ---- 6600 Ko ---- Below Normal ---- "C:\Program Files\Alwil Software\Avast5\setup\avast.setup" /refresh /noreboot /updatevps /verysilent /session "0" /limitcpu ---- ALWIL Software
C:\Program Files\Internet Explorer\iexplore.exe ---- 25208 Ko ---- Normal ---- "C:\Program Files\Internet Explorer\iexplore.exe" ---- Microsoft Corporation
C:\Program Files\Internet Explorer\iexplore.exe ---- 75816 Ko ---- Normal ---- "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3776 CREDAT:14337 ---- Microsoft Corporation
C:\Program Files\Internet Explorer\iexplore.exe ---- 15444 Ko ---- Normal ---- "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3776 CREDAT:79873 ---- Microsoft Corporation
C:\WINDOWS\system32\wuauclt.exe ---- 7820 Ko ---- Normal ---- "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[4f8]SUSDS7b8d4c7a7b66214da0e99a12f59c7174 ---- Microsoft Windows Component Publisher
C:\WINDOWS\system32\cmd.exe ---- 2952 Ko ---- Normal ---- C:\WINDOWS\system32\cmd.exe /K List'em.bat ----
C:\WINDOWS\system32\wuauclt.exe ---- 6440 Ko ---- Normal ---- "C:\WINDOWS\system32\wuauclt.exe" ---- Microsoft Windows Component Publisher
C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 7024 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
C:\Program Files\List_Kill'em\pv.exe ---- 2924 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----
¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
H/PC Connection Agent = "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ehTray = C:\WINDOWS\ehome\ehtray.exe
LaunchApp = Alaunch
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
RTHDCPL = RTHDCPL.EXE
SkyTel = SkyTel.EXE
Alcmtr = ALCMTR.EXE
ntiMUI = c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
@ =
IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
IMEKRMIG6.1 = C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
MSPY2002 = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
Acer Empowering Technology Monitor = C:\WINDOWS\system32\SysMonitor.exe
eDataSecurity Loader = C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
eRecoveryService = C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
ZoneAlarm Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
WinampAgent = C:\Program Files\Winamp\winampa.exe
EverioService = "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
AppleSyncNotifier = C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "L:\iTunes\iTunesHelper.exe"
avast5 = C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
MbWzdFPAP-EXL600 = C:\WINDOWS\system32\FPAP-EXL600\PdtGuide.exe
KernelFaultCheck = %systemroot%\system32\dumprep 0 -k
DWQueuedReporting = "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 145 (0x91)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting = 1 (0x1)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = Explorer.exe
Userinit = C:\WINDOWS\system32\userinit.exe,
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Messenger\msmsgs.exe = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Microsoft ActiveSync\wcescomm.exe = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application
C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe = C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe = C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program
C:\Program Files\Bonjour\mDNSResponder.exe = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
L:\iTunes\iTunes.exe = L:\iTunes\iTunes.exe:*:Enabled:iTunes
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8AD9E807-EB3C-4A22-B1D9-6ABEDA2C1AF2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E12D2953-5999-45AE-AF87-F8138A8C47B0}: NameServer=212.216.212.112,212.216.172.62
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8AD9E807-EB3C-4A22-B1D9-6ABEDA2C1AF2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E12D2953-5999-45AE-AF87-F8138A8C47B0}: NameServer=212.216.212.112,212.216.172.62
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8AD9E807-EB3C-4A22-B1D9-6ABEDA2C1AF2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E12D2953-5999-45AE-AF87-F8138A8C47B0}: NameServer=212.216.212.112,212.216.172.62
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A7BFD9F4-28A2-428D-801E-7B1A8ED41399}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.fr/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
¤¤¤¤¤ Proxy Internet Explorer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤
[MD5.cdfe4411a69c224bd1d11b2da92dac51] - C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\system32\drivers\atapi.sys
¤¤¤¤¤ Reference
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP3 : 7A62A6C8303C9D026DD926F397B2FB57
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Win XP_64 : 72C77044943340964FA513B92D6D6874
Win XP_64_SP2 : 7A1814D0D112F50F828E25557A1ED29F
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\explorer.exe
[MD5.b795475444d6d57a572c14b9e1a29839] - C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[MD5.d0288319660edcfed07c7e74c4ea38a5] - C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[MD5.4c33e5b9a6197b6ed215f6cfba0a2daa] - C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\ServicePackFiles\i386\explorer.exe
¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤
[MD5.d2de785aeab0bb8ca4c14a8a199dbe4e] - C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\system32\winlogon.exe
¤¤¤¤¤¤¤¤¤¤ Wininit ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ SVC | svchost ¤¤¤¤¤¤¤¤¤¤
svchost.exe 1152 DcomLaunch, TermService
svchost.exe 1212 RpcSs
svchost.exe 1272 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
dmserver, ERSvc, EventSystem,
FastUserSwitchingCompatibility, helpsvc,
HidServ, lanmanserver, lanmanworkstation,
Netman, Nla, RasMan, Schedule, seclogon,
SENS, SharedAccess, ShellHWDetection,
srservice, TapiSrv, Themes, TrkWks, W32Time,
winmgmt, wscsvc, wuauserv, WZCSVC
svchost.exe 1324 WudfSvc
svchost.exe 1568 Dnscache
svchost.exe 1636 LmHosts, RemoteRegistry
svchost.exe 1948 WebClient
svchost.exe 1364 SSDPSRV
svchost.exe 1056 stisvc
svchost.exe 984 HTTPFilter
¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08f4cbc6-1885-11df-8968-00192157d720}\shell\autorun
@ = &Exécution automatique
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08f4cbc6-1885-11df-8968-00192157d720}\shell\autorun\command
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10abb1b4-8a30-11db-b2aa-00192157d720}\shell\autorun
Extended =
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10abb1b4-8a30-11db-b2aa-00192157d720}\shell\autorun\command
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10abb1b4-8a30-11db-b2aa-00192157d720}\shell\open\command
@ = cobn8w3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c76632b6-f416-11dc-b3a8-00192157d720}\shell\autorun
Extended =
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c76632b6-f416-11dc-b3a8-00192157d720}\shell\autorun\command
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e61991d7-a8d8-11de-8924-00192157d720}\shell\autorun
@ = &Exécution automatique
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e61991d7-a8d8-11de-8924-00192157d720}\shell\autorun\command
¤¤¤¤¤¤¤¤¤¤ First Scan ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\software\3rd Eye Solutions]
[HKEY_CURRENT_USER\software\ABBYY]
[HKEY_CURRENT_USER\software\acer]
[HKEY_CURRENT_USER\software\Adobe]
[HKEY_CURRENT_USER\software\ALWIL Software]
[HKEY_CURRENT_USER\software\Apple Computer, Inc.]
[HKEY_CURRENT_USER\software\Apple Inc.]
[HKEY_CURRENT_USER\software\Association ADIF]
[HKEY_CURRENT_USER\software\Audacity]
[HKEY_CURRENT_USER\software\Aurigma]
[HKEY_CURRENT_USER\software\AvantGo]
[HKEY_CURRENT_USER\software\CDDB]
[HKEY_CURRENT_USER\software\CeWe Color]
[HKEY_CURRENT_USER\software\Clients]
[HKEY_CURRENT_USER\software\Creative Tech]
[HKEY_CURRENT_USER\software\Cyberlink]
[HKEY_CURRENT_USER\software\D-Link]
[HKEY_CURRENT_USER\software\eMule]
[HKEY_CURRENT_USER\software\EPSON]
[HKEY_CURRENT_USER\software\FastReport]
[HKEY_CURRENT_USER\software\Genesis Digital Innovations]
[HKEY_CURRENT_USER\software\Google]
[HKEY_CURRENT_USER\software\Intel]
[HKEY_CURRENT_USER\software\JavaSoft]
[HKEY_CURRENT_USER\software\Lake]
[HKEY_CURRENT_USER\software\Lavasoft]
[HKEY_CURRENT_USER\software\Local AppWizard-Generated Applications]
[HKEY_CURRENT_USER\software\Macromedia]
[HKEY_CURRENT_USER\software\MailFrontier]
[HKEY_CURRENT_USER\software\MAL]
[HKEY_CURRENT_USER\software\MAP-DN]
[HKEY_CURRENT_USER\software\Microsoft]
[HKEY_CURRENT_USER\software\monAlbumPhoto]
[HKEY_CURRENT_USER\software\Netscape]
[HKEY_CURRENT_USER\software\NewTech Infosystems]
[HKEY_CURRENT_USER\software\NVIDIA Corporation]
[HKEY_CURRENT_USER\software\NVIDIA nvCpl Container]
[HKEY_CURRENT_USER\software\ODBC]
[HKEY_CURRENT_USER\software\PepiMK Software]
[HKEY_CURRENT_USER\software\Policies]
[HKEY_CURRENT_USER\software\RealNetworks]
[HKEY_CURRENT_USER\software\Realtek]
[HKEY_CURRENT_USER\software\Safer Networking Limited]
[HKEY_CURRENT_USER\software\Samsung]
[HKEY_CURRENT_USER\software\SEIKO EPSON]
[HKEY_CURRENT_USER\software\stevengould.org]
[HKEY_CURRENT_USER\software\SupportSoft]
[HKEY_CURRENT_USER\software\Trolltech]
[HKEY_CURRENT_USER\software\TVANTS]
[HKEY_CURRENT_USER\software\VB and VBA Program Settings]
[HKEY_CURRENT_USER\software\Winamp]
[HKEY_CURRENT_USER\software\WinRAR]
[HKEY_CURRENT_USER\software\WinRAR SFX]
[HKEY_CURRENT_USER\software\Yahoo]
[HKEY_CURRENT_USER\software\Zone Labs]
[HKEY_CURRENT_USER\software\ZyDAS]
[HKEY_CURRENT_USER\software\Classes]
[HKEY_LOCAL_MACHINE\software\ABBYY]
[HKEY_LOCAL_MACHINE\software\ABIG]
[HKEY_LOCAL_MACHINE\software\ACE Compression Software]
[HKEY_LOCAL_MACHINE\software\Acer]
[HKEY_LOCAL_MACHINE\software\Adobe]
[HKEY_LOCAL_MACHINE\software\Alice ADSL]
[HKEY_LOCAL_MACHINE\software\ALWIL Software]
[HKEY_LOCAL_MACHINE\software\AMD]
[HKEY_LOCAL_MACHINE\software\ANPSEDIC]
[HKEY_LOCAL_MACHINE\software\Apple Computer, Inc.]
[HKEY_LOCAL_MACHINE\software\Apple Inc.]
[HKEY_LOCAL_MACHINE\software\Atelier Photo FNAC]
[HKEY_LOCAL_MACHINE\software\AvantGo]
[HKEY_LOCAL_MACHINE\software\BrowserChoice]
[HKEY_LOCAL_MACHINE\software\C07ft5Y]
[HKEY_LOCAL_MACHINE\software\cameo]
[HKEY_LOCAL_MACHINE\software\CCleaner]
[HKEY_LOCAL_MACHINE\software\CDDB]
[HKEY_LOCAL_MACHINE\software\CentricDevelopment]
[HKEY_LOCAL_MACHINE\software\Classes]
[HKEY_LOCAL_MACHINE\software\Clients]
[HKEY_LOCAL_MACHINE\software\Creative Tech]
[HKEY_LOCAL_MACHINE\software\CyberLink]
[HKEY_LOCAL_MACHINE\software\D-Link]
[HKEY_LOCAL_MACHINE\software\DivXNetworks]
[HKEY_LOCAL_MACHINE\software\Emsi Software GmbH]
[HKEY_LOCAL_MACHINE\software\EPSON]
[HKEY_LOCAL_MACHINE\software\GEAR Software]
[HKEY_LOCAL_MACHINE\software\Gemplus]
[HKEY_LOCAL_MACHINE\software\Google]
[HKEY_LOCAL_MACHINE\software\HPS]
[HKEY_LOCAL_MACHINE\software\InstallShield]
[HKEY_LOCAL_MACHINE\software\Intel]
[HKEY_LOCAL_MACHINE\software\JavaSoft]
[HKEY_LOCAL_MACHINE\software\Lake]
[HKEY_LOCAL_MACHINE\software\Lavasoft]
[HKEY_LOCAL_MACHINE\software\LightScribe]
[HKEY_LOCAL_MACHINE\software\Macromedia]
[HKEY_LOCAL_MACHINE\software\Macrovision]
[HKEY_LOCAL_MACHINE\software\MailFrontier]
[HKEY_LOCAL_MACHINE\software\MAL]
[HKEY_LOCAL_MACHINE\software\MAP-DN]
[HKEY_LOCAL_MACHINE\software\MCCI]
[HKEY_LOCAL_MACHINE\software\MDC]
[HKEY_LOCAL_MACHINE\software\Microsoft]
[HKEY_LOCAL_MACHINE\software\MiniLab]
[HKEY_LOCAL_MACHINE\software\Mobile Application Link]
[HKEY_LOCAL_MACHINE\software\Mozilla]
[HKEY_LOCAL_MACHINE\software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\software\muvee Technologies]
[HKEY_LOCAL_MACHINE\software\NewTech Infosystems]
[HKEY_LOCAL_MACHINE\software\NOS]
[HKEY_LOCAL_MACHINE\software\Nullsoft]
[HKEY_LOCAL_MACHINE\software\NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\software\ODBC]
[HKEY_LOCAL_MACHINE\software\OldTimer Tools]
[HKEY_LOCAL_MACHINE\software\PepiMK Software]
[HKEY_LOCAL_MACHINE\software\Policies]
[HKEY_LOCAL_MACHINE\software\Program Groups]
[HKEY_LOCAL_MACHINE\software\RealNetworks]
[HKEY_LOCAL_MACHINE\software\Realtek]
[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\software\RichFX]
[HKEY_LOCAL_MACHINE\software\RtWLan]
[HKEY_LOCAL_MACHINE\software\Safer Networking Limited]
[HKEY_LOCAL_MACHINE\software\Samsung Electronics Co., Ltd.]
[HKEY_LOCAL_MACHINE\software\Schlumberger]
[HKEY_LOCAL_MACHINE\software\Secure]
[HKEY_LOCAL_MACHINE\software\Sonic]
[HKEY_LOCAL_MACHINE\software\Symantec]
[HKEY_LOCAL_MACHINE\software\Symantec Technical Support]
[HKEY_LOCAL_MACHINE\software\TechCity]
[HKEY_LOCAL_MACHINE\software\TrendMicro]
[HKEY_LOCAL_MACHINE\software\ViaMichelin]
[HKEY_LOCAL_MACHINE\software\VideoLAN]
[HKEY_LOCAL_MACHINE\software\vimicro]
[HKEY_LOCAL_MACHINE\software\WebSupergoo]
[HKEY_LOCAL_MACHINE\software\Windows 3.1 Migration Status]
[HKEY_LOCAL_MACHINE\software\Xing Technology Corp.]
[HKEY_LOCAL_MACHINE\software\Yahoo]
[HKEY_LOCAL_MACHINE\software\Zone Labs]
¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤
Present !! : C:\Documents and settings\fnac\RefEdit.exd
Present !! : \AUTOEXEC.BAT
Present !! : C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
Present !! : C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
Present !! : C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
Present !! : C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
Present !! : C:\WINDOWS\003059_.tmp
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MEMSWEEP2
Present !! : HKLM\SYSTEM\CurrentControlSet\Services\MEMSWEEP2
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_MEMSWEEP2
Present !! : HKLM\SYSTEM\ControlSet001\Services\MEMSWEEP2
Present !! : HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_MEMSWEEP2
Present !! : HKLM\SYSTEM\ControlSet002\Services\MEMSWEEP2
Present !! : HKLM\SYSTEM\ControlSet003\Services\MEMSWEEP2
FEATURE_BROWSER_EMULATION | svchost :
====================================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-26 08:39:02
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160812AS rev.3.AAE -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 8:44:59,93
¤¤¤¤¤¤¤¤¤¤ More informations ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤ DLLs ¤¤¤¤¤¤¤¤¤¤
I disabled Zone Alarm and Avast.
The ci-joint.fr site isn't working, so I'm putting a copy of the files here.
Here are the files:
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.2.0 ¤¤¤¤¤¤¤¤¤¤
User : fnac (Administrateurs)
Update on 23/11/2010 by g3n-h@ckm@n ::::: 12.00
Start at: 21:39:35 | 25/11/2010
AMD Athlon(tm) 64 Processor 3500+
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : ZoneAlarm Antivirus 7.0.483.000 [ (!) Disabled | (!) Outdated ]
AV : avast! Antivirus 5.0.83886757 [ (!) Disabled | Updated ]
FW : ZoneAlarm Firewall[ (!) Disabled ]7.0.483.000
C:\ -> Disque fixe local | 71,36 Go (17,57 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 71,82 Go (12,49 Go free) [ACERDATA] | FAT32
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
¤¤¤¤¤ Sessions ¤¤¤¤¤
C:\Documents and settings\fnac
Boot: Normal
¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer
C:\WINDOWS\System32\smss.exe ---- 52 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\WINDOWS\system32\csrss.exe ---- 2812 Ko ---- Normal ---- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\WINDOWS\system32\winlogon.exe ---- 4712 Ko ---- High ---- winlogon.exe ----
C:\WINDOWS\system32\services.exe ---- 2004 Ko ---- Normal ---- C:\WINDOWS\system32\services.exe ----
C:\WINDOWS\system32\lsass.exe ---- 2476 Ko ---- Normal ---- C:\WINDOWS\system32\lsass.exe ----
C:\WINDOWS\system32\svchost.exe ---- 1692 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k DcomLaunch ----
C:\WINDOWS\system32\svchost.exe ---- 1764 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k rpcss ----
C:\WINDOWS\System32\svchost.exe ---- 26164 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k netsvcs ----
C:\WINDOWS\system32\svchost.exe ---- 96 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup ----
C:\WINDOWS\system32\svchost.exe ---- 2416 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k NetworkService ----
C:\WINDOWS\system32\svchost.exe ---- 56 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ----
C:\WINDOWS\Explorer.EXE ---- 20444 Ko ---- Normal ---- C:\WINDOWS\Explorer.EXE ----
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe ---- 172 Ko ---- Normal ---- "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe" ---- Lavasoft AB
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe ---- 30852 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" ---- ALWIL Software
C:\WINDOWS\system32\spoolsv.exe ---- 1804 Ko ---- Normal ---- C:\WINDOWS\system32\spoolsv.exe ----
C:\WINDOWS\system32\svchost.exe ---- 56 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ----
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ---- 1488 Ko ---- Normal ---- "C:\Acer\Empowering Technology\ePerformance\MemCheck.exe" ----
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe ---- 156 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" ---- Apple Inc.
C:\Program Files\Bonjour\mDNSResponder.exe ---- 880 Ko ---- Normal ---- "C:\Program Files\Bonjour\mDNSResponder.exe" ---- Apple Inc.
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe ---- 56 Ko ---- Normal ---- "c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe" ----
C:\Program Files\CyberLink\Shared Files\RichVideo.exe ---- 116 Ko ---- Normal ---- "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" ----
C:\WINDOWS\system32\svchost.exe ---- 432 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ----
C:\WINDOWS\system32\svchost.exe ---- 56 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k imgsvc ----
C:\WINDOWS\system32\UTSCSI.EXE ---- 56 Ko ---- Normal ---- C:\WINDOWS\system32\UTSCSI.EXE ----
C:\WINDOWS\ehome\mcrdsvc.exe ---- 180 Ko ---- Normal ---- C:\WINDOWS\ehome\mcrdsvc.exe ----
C:\WINDOWS\system32\wscntfy.exe ---- 692 Ko ---- Normal ---- C:\WINDOWS\system32\wscntfy.exe ----
C:\WINDOWS\System32\svchost.exe ---- 216 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k HTTPFilter ----
C:\WINDOWS\ehome\ehtray.exe ---- 1808 Ko ---- Normal ---- "C:\WINDOWS\ehome\ehtray.exe" ----
C:\WINDOWS\RTHDCPL.EXE ---- 1268 Ko ---- Normal ---- "C:\WINDOWS\RTHDCPL.EXE" ----
C:\WINDOWS\system32\RUNDLL32.EXE ---- 316 Ko ---- Normal ---- "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit ----
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe ---- 60 Ko ---- Normal ---- "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" ---- Sun Microsystems, Inc.
C:\WINDOWS\system32\SysMonitor.exe ---- 696 Ko ---- Normal ---- "C:\WINDOWS\system32\SysMonitor.exe" ----
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe ---- 744 Ko ---- Normal ---- "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" 1 ----
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe ---- 460 Ko ---- Normal ---- "C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" ----
C:\Program Files\Winamp\winampa.exe ---- 416 Ko ---- Normal ---- "C:\Program Files\Winamp\winampa.exe" ----
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe ---- 696 Ko ---- Normal ---- "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" ----
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe ---- 4664 Ko ---- Normal ---- "C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe" /nogui ---- ALWIL Software
C:\WINDOWS\system32\ctfmon.exe ---- 992 Ko ---- Normal ---- "C:\WINDOWS\system32\ctfmon.exe" ----
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE ---- 320 Ko ---- Normal ---- "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" ----
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe ---- 71392 Ko ---- Idle ---- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ----
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe ---- 8636 Ko ---- Normal ---- "C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe" ----
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe ---- 1216 Ko ---- Normal ---- "C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe" ----
C:\Program Files\D-Link\DWA-131 revA\wirelesscm.exe ---- 2100 Ko ---- Normal ---- "C:\Program Files\D-Link\DWA-131 revA\wirelesscm.exe" ---- D-LINK CORPORATION
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe ---- 392 Ko ---- Normal ---- "C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe" -auto ---- Sun Microsystems, Inc.
C:\Program Files\Alwil Software\Avast5\setup\avast.setup ---- 6600 Ko ---- Below Normal ---- "C:\Program Files\Alwil Software\Avast5\setup\avast.setup" /refresh /noreboot /updatevps /verysilent /session "0" /limitcpu ---- ALWIL Software
C:\Program Files\Internet Explorer\iexplore.exe ---- 25208 Ko ---- Normal ---- "C:\Program Files\Internet Explorer\iexplore.exe" ---- Microsoft Corporation
C:\Program Files\Internet Explorer\iexplore.exe ---- 75816 Ko ---- Normal ---- "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3776 CREDAT:14337 ---- Microsoft Corporation
C:\Program Files\Internet Explorer\iexplore.exe ---- 15444 Ko ---- Normal ---- "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3776 CREDAT:79873 ---- Microsoft Corporation
C:\WINDOWS\system32\wuauclt.exe ---- 7820 Ko ---- Normal ---- "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[4f8]SUSDS7b8d4c7a7b66214da0e99a12f59c7174 ---- Microsoft Windows Component Publisher
C:\WINDOWS\system32\cmd.exe ---- 2952 Ko ---- Normal ---- C:\WINDOWS\system32\cmd.exe /K List'em.bat ----
C:\WINDOWS\system32\wuauclt.exe ---- 6440 Ko ---- Normal ---- "C:\WINDOWS\system32\wuauclt.exe" ---- Microsoft Windows Component Publisher
C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 7024 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
C:\Program Files\List_Kill'em\pv.exe ---- 2924 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----
¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
H/PC Connection Agent = "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ehTray = C:\WINDOWS\ehome\ehtray.exe
LaunchApp = Alaunch
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
RTHDCPL = RTHDCPL.EXE
SkyTel = SkyTel.EXE
Alcmtr = ALCMTR.EXE
ntiMUI = c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
@ =
IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
IMEKRMIG6.1 = C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
MSPY2002 = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
Acer Empowering Technology Monitor = C:\WINDOWS\system32\SysMonitor.exe
eDataSecurity Loader = C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
eRecoveryService = C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
ZoneAlarm Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
WinampAgent = C:\Program Files\Winamp\winampa.exe
EverioService = "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
AppleSyncNotifier = C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "L:\iTunes\iTunesHelper.exe"
avast5 = C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
MbWzdFPAP-EXL600 = C:\WINDOWS\system32\FPAP-EXL600\PdtGuide.exe
KernelFaultCheck = %systemroot%\system32\dumprep 0 -k
DWQueuedReporting = "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 145 (0x91)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting = 1 (0x1)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = Explorer.exe
Userinit = C:\WINDOWS\system32\userinit.exe,
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Messenger\msmsgs.exe = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Microsoft ActiveSync\wcescomm.exe = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application
C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe = C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe = C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program
C:\Program Files\Bonjour\mDNSResponder.exe = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
L:\iTunes\iTunes.exe = L:\iTunes\iTunes.exe:*:Enabled:iTunes
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8AD9E807-EB3C-4A22-B1D9-6ABEDA2C1AF2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E12D2953-5999-45AE-AF87-F8138A8C47B0}: NameServer=212.216.212.112,212.216.172.62
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8AD9E807-EB3C-4A22-B1D9-6ABEDA2C1AF2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E12D2953-5999-45AE-AF87-F8138A8C47B0}: NameServer=212.216.212.112,212.216.172.62
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8AD9E807-EB3C-4A22-B1D9-6ABEDA2C1AF2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E12D2953-5999-45AE-AF87-F8138A8C47B0}: NameServer=212.216.212.112,212.216.172.62
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A7BFD9F4-28A2-428D-801E-7B1A8ED41399}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.fr/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
¤¤¤¤¤ Proxy Internet Explorer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤
[MD5.cdfe4411a69c224bd1d11b2da92dac51] - C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\system32\drivers\atapi.sys
¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\explorer.exe
[MD5.b795475444d6d57a572c14b9e1a29839] - C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[MD5.d0288319660edcfed07c7e74c4ea38a5] - C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[MD5.4c33e5b9a6197b6ed215f6cfba0a2daa] - C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\ServicePackFiles\i386\explorer.exe
¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤
[MD5.d2de785aeab0bb8ca4c14a8a199dbe4e] - C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\system32\winlogon.exe
¤¤¤¤¤¤¤¤¤¤ Wininit ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ SVC | svchost ¤¤¤¤¤¤¤¤¤¤
svchost.exe 1152 DcomLaunch, TermService
svchost.exe 1212 RpcSs
svchost.exe 1272 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
dmserver, ERSvc, EventSystem,
FastUserSwitchingCompatibility, helpsvc,
HidServ, lanmanserver, lanmanworkstation,
Netman, Nla, RasMan, Schedule, seclogon,
SENS, SharedAccess, ShellHWDetection,
srservice, TapiSrv, Themes, TrkWks, W32Time,
winmgmt, wscsvc, wuauserv, WZCSVC
svchost.exe 1324 WudfSvc
svchost.exe 1568 Dnscache
svchost.exe 1636 LmHosts, RemoteRegistry
svchost.exe 1948 WebClient
svchost.exe 1364 SSDPSRV
svchost.exe 1056 stisvc
svchost.exe 984 HTTPFilter
¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08f4cbc6-1885-11df-8968-00192157d720}\shell\autorun
@ = &Exécution automatique
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08f4cbc6-1885-11df-8968-00192157d720}\shell\autorun\command
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10abb1b4-8a30-11db-b2aa-00192157d720}\shell\autorun
Extended =
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10abb1b4-8a30-11db-b2aa-00192157d720}\shell\autorun\command
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10abb1b4-8a30-11db-b2aa-00192157d720}\shell\open\command
@ = cobn8w3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c76632b6-f416-11dc-b3a8-00192157d720}\shell\autorun
Extended =
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c76632b6-f416-11dc-b3a8-00192157d720}\shell\autorun\command
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e61991d7-a8d8-11de-8924-00192157d720}\shell\autorun
@ = &Exécution automatique
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e61991d7-a8d8-11de-8924-00192157d720}\shell\autorun\command
¤¤¤¤¤¤¤¤¤¤ First Scan ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\software\3rd Eye Solutions]
[HKEY_CURRENT_USER\software\ABBYY]
[HKEY_CURRENT_USER\software\acer]
[HKEY_CURRENT_USER\software\Adobe]
[HKEY_CURRENT_USER\software\ALWIL Software]
[HKEY_CURRENT_USER\software\Apple Computer, Inc.]
[HKEY_CURRENT_USER\software\Apple Inc.]
[HKEY_CURRENT_USER\software\Association ADIF]
[HKEY_CURRENT_USER\software\Audacity]
[HKEY_CURRENT_USER\software\Aurigma]
[HKEY_CURRENT_USER\software\AvantGo]
[HKEY_CURRENT_USER\software\CDDB]
[HKEY_CURRENT_USER\software\CeWe Color]
[HKEY_CURRENT_USER\software\Clients]
[HKEY_CURRENT_USER\software\Creative Tech]
[HKEY_CURRENT_USER\software\Cyberlink]
[HKEY_CURRENT_USER\software\D-Link]
[HKEY_CURRENT_USER\software\eMule]
[HKEY_CURRENT_USER\software\EPSON]
[HKEY_CURRENT_USER\software\FastReport]
[HKEY_CURRENT_USER\software\Genesis Digital Innovations]
[HKEY_CURRENT_USER\software\Google]
[HKEY_CURRENT_USER\software\Intel]
[HKEY_CURRENT_USER\software\JavaSoft]
[HKEY_CURRENT_USER\software\Lake]
[HKEY_CURRENT_USER\software\Lavasoft]
[HKEY_CURRENT_USER\software\Local AppWizard-Generated Applications]
[HKEY_CURRENT_USER\software\Macromedia]
[HKEY_CURRENT_USER\software\MailFrontier]
[HKEY_CURRENT_USER\software\MAL]
[HKEY_CURRENT_USER\software\MAP-DN]
[HKEY_CURRENT_USER\software\Microsoft]
[HKEY_CURRENT_USER\software\monAlbumPhoto]
[HKEY_CURRENT_USER\software\Netscape]
[HKEY_CURRENT_USER\software\NewTech Infosystems]
[HKEY_CURRENT_USER\software\NVIDIA Corporation]
[HKEY_CURRENT_USER\software\NVIDIA nvCpl Container]
[HKEY_CURRENT_USER\software\ODBC]
[HKEY_CURRENT_USER\software\PepiMK Software]
[HKEY_CURRENT_USER\software\Policies]
[HKEY_CURRENT_USER\software\RealNetworks]
[HKEY_CURRENT_USER\software\Realtek]
[HKEY_CURRENT_USER\software\Safer Networking Limited]
[HKEY_CURRENT_USER\software\Samsung]
[HKEY_CURRENT_USER\software\SEIKO EPSON]
[HKEY_CURRENT_USER\software\stevengould.org]
[HKEY_CURRENT_USER\software\SupportSoft]
[HKEY_CURRENT_USER\software\Trolltech]
[HKEY_CURRENT_USER\software\TVANTS]
[HKEY_CURRENT_USER\software\VB and VBA Program Settings]
[HKEY_CURRENT_USER\software\Winamp]
[HKEY_CURRENT_USER\software\WinRAR]
[HKEY_CURRENT_USER\software\WinRAR SFX]
[HKEY_CURRENT_USER\software\Yahoo]
[HKEY_CURRENT_USER\software\Zone Labs]
[HKEY_CURRENT_USER\software\ZyDAS]
[HKEY_CURRENT_USER\software\Classes]
[HKEY_LOCAL_MACHINE\software\ABBYY]
[HKEY_LOCAL_MACHINE\software\ABIG]
[HKEY_LOCAL_MACHINE\software\ACE Compression Software]
[HKEY_LOCAL_MACHINE\software\Acer]
[HKEY_LOCAL_MACHINE\software\Adobe]
[HKEY_LOCAL_MACHINE\software\Alice ADSL]
[HKEY_LOCAL_MACHINE\software\ALWIL Software]
[HKEY_LOCAL_MACHINE\software\AMD]
[HKEY_LOCAL_MACHINE\software\ANPSEDIC]
[HKEY_LOCAL_MACHINE\software\Apple Computer, Inc.]
[HKEY_LOCAL_MACHINE\software\Apple Inc.]
[HKEY_LOCAL_MACHINE\software\Atelier Photo FNAC]
[HKEY_LOCAL_MACHINE\software\AvantGo]
[HKEY_LOCAL_MACHINE\software\BrowserChoice]
[HKEY_LOCAL_MACHINE\software\C07ft5Y]
[HKEY_LOCAL_MACHINE\software\cameo]
[HKEY_LOCAL_MACHINE\software\CCleaner]
[HKEY_LOCAL_MACHINE\software\CDDB]
[HKEY_LOCAL_MACHINE\software\CentricDevelopment]
[HKEY_LOCAL_MACHINE\software\Classes]
[HKEY_LOCAL_MACHINE\software\Clients]
[HKEY_LOCAL_MACHINE\software\Creative Tech]
[HKEY_LOCAL_MACHINE\software\CyberLink]
[HKEY_LOCAL_MACHINE\software\D-Link]
[HKEY_LOCAL_MACHINE\software\DivXNetworks]
[HKEY_LOCAL_MACHINE\software\Emsi Software GmbH]
[HKEY_LOCAL_MACHINE\software\EPSON]
[HKEY_LOCAL_MACHINE\software\GEAR Software]
[HKEY_LOCAL_MACHINE\software\Gemplus]
[HKEY_LOCAL_MACHINE\software\Google]
[HKEY_LOCAL_MACHINE\software\HPS]
[HKEY_LOCAL_MACHINE\software\InstallShield]
[HKEY_LOCAL_MACHINE\software\Intel]
[HKEY_LOCAL_MACHINE\software\JavaSoft]
[HKEY_LOCAL_MACHINE\software\Lake]
[HKEY_LOCAL_MACHINE\software\Lavasoft]
[HKEY_LOCAL_MACHINE\software\LightScribe]
[HKEY_LOCAL_MACHINE\software\Macromedia]
[HKEY_LOCAL_MACHINE\software\Macrovision]
[HKEY_LOCAL_MACHINE\software\MailFrontier]
[HKEY_LOCAL_MACHINE\software\MAL]
[HKEY_LOCAL_MACHINE\software\MAP-DN]
[HKEY_LOCAL_MACHINE\software\MCCI]
[HKEY_LOCAL_MACHINE\software\MDC]
[HKEY_LOCAL_MACHINE\software\Microsoft]
[HKEY_LOCAL_MACHINE\software\MiniLab]
[HKEY_LOCAL_MACHINE\software\Mobile Application Link]
[HKEY_LOCAL_MACHINE\software\Mozilla]
[HKEY_LOCAL_MACHINE\software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\software\muvee Technologies]
[HKEY_LOCAL_MACHINE\software\NewTech Infosystems]
[HKEY_LOCAL_MACHINE\software\NOS]
[HKEY_LOCAL_MACHINE\software\Nullsoft]
[HKEY_LOCAL_MACHINE\software\NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\software\ODBC]
[HKEY_LOCAL_MACHINE\software\OldTimer Tools]
[HKEY_LOCAL_MACHINE\software\PepiMK Software]
[HKEY_LOCAL_MACHINE\software\Policies]
[HKEY_LOCAL_MACHINE\software\Program Groups]
[HKEY_LOCAL_MACHINE\software\RealNetworks]
[HKEY_LOCAL_MACHINE\software\Realtek]
[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\software\RichFX]
[HKEY_LOCAL_MACHINE\software\RtWLan]
[HKEY_LOCAL_MACHINE\software\Safer Networking Limited]
[HKEY_LOCAL_MACHINE\software\Samsung Electronics Co., Ltd.]
[HKEY_LOCAL_MACHINE\software\Schlumberger]
[HKEY_LOCAL_MACHINE\software\Secure]
[HKEY_LOCAL_MACHINE\software\Sonic]
[HKEY_LOCAL_MACHINE\software\Symantec]
[HKEY_LOCAL_MACHINE\software\Symantec Technical Support]
[HKEY_LOCAL_MACHINE\software\TechCity]
[HKEY_LOCAL_MACHINE\software\TrendMicro]
[HKEY_LOCAL_MACHINE\software\ViaMichelin]
[HKEY_LOCAL_MACHINE\software\VideoLAN]
[HKEY_LOCAL_MACHINE\software\vimicro]
[HKEY_LOCAL_MACHINE\software\WebSupergoo]
[HKEY_LOCAL_MACHINE\software\Windows 3.1 Migration Status]
[HKEY_LOCAL_MACHINE\software\Xing Technology Corp.]
[HKEY_LOCAL_MACHINE\software\Yahoo]
[HKEY_LOCAL_MACHINE\software\Zone Labs]
¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤
Present !! : C:\Documents and settings\fnac\RefEdit.exd
Present !! : \AUTOEXEC.BAT
Present !! : C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
Present !! : C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
Present !! : C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
Present !! : C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
Present !! : C:\WINDOWS\003059_.tmp
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MEMSWEEP2
Present !! : HKLM\SYSTEM\CurrentControlSet\Services\MEMSWEEP2
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_MEMSWEEP2
Present !! : HKLM\SYSTEM\ControlSet001\Services\MEMSWEEP2
Present !! : HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_MEMSWEEP2
Present !! : HKLM\SYSTEM\ControlSet002\Services\MEMSWEEP2
Present !! : HKLM\SYSTEM\ControlSet003\Services\MEMSWEEP2
FEATURE_BROWSER_EMULATION | svchost :
====================================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-26 08:39:02
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160812AS rev.3.AAE -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 8:44:59,93
¤¤¤¤¤¤¤¤¤¤ More informations ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤ DLLs ¤¤¤¤¤¤¤¤¤¤
------------------------------------------------------------------------------
explorer.exe pid: 1792
Command line: C:\WINDOWS\Explorer.EXE
------------------------------------------------------------------------------
winlogon.exe pid: 936
Command line: winlogon.exe
No matching processes were found.
------------------------------------------------------------------------------
svchost.exe pid: 1152
Command line: C:\WINDOWS\system32\svchost -k DcomLaunch
------------------------------------------------------------------------------
svchost.exe pid: 1212
Command line: C:\WINDOWS\system32\svchost -k rpcss