Slow PC displaying too many error messages
ib02
Hello,
I'm back with another PC that is causing quite a few problems at the department (untimely error messages popping up, slowness, ...). I think I have a virus; my antivirus barely works anymore, and when I plug in a USB stick it fills up with strange files and some of the contents turn into shortcuts and become inaccessible. I'm worried!
89 replies
Hi, by the way, the computer is running on the live CD and not on XP, as you advised me against that. And there I only see the option to export the scan log. When I tried to put this (exported) file on the cijoint.fr site, I was told that the format is not correct :-(
Or should I go back to XP, just long enough to send it?
under the live CD:
download this and put it in the List_kill'em installation folder
(it's a component and drweb ate it lol)
=> C:\Program Files\List_kill'em
http://sd-4.archive-host.com/membres/up/829108531491024/Mes_Tools/tmp/Proc_end.exe
then:
download this, the instructions are given below it:
http://support.kaspersky.com/fr/downloads/utils/salitykiller.zip
===========================================
then:
restart your PC in plain safe mode, not in safe mode with networking
if it won't start in plain safe mode, go back to the live CD and come back to tell me; above all do not restart in normal mode,
===========================================
WARNING!! this script is intended for this machine only, do not reproduce it!!!!!
▶ Relaunch List&Kill'em with the shortcut on your desktop.
but this time:
▶ choose the Tools option, then Script
a black window will open briefly, and List_Kill'em will close
a new text document opens; copy/paste what is in bold below:
FILE:C:\Documents and Settings\Secrétaire\Bureau\musics Amara2\Videos\Videos.exe
FILE:F:\VOLIMTE\dvaortaka.exe
FILE:C:\WINDOWS\System32\ALZALZ.BIN
FILE:C:\WINDOWS\System32\ALZZip.BIN
ADD:"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer" /v "NoDriveTypeAutoRun" /t REG_DWORD /d 0x91
REM:"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "NeroFilterCheck"
REM:"HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list"
REM:HKEY_CURRENT_USER\software\wrfke
KLOOK:HKEY_CURRENT_USER\software\Aaspp
KLOOK:HKEY_CURRENT_USER\software\Admin914
SIGN:C:\WINDOWS\System32\LedCommon.dll
▶ save the text document using its File menu (Save), then close it
let the tool work
you'll post the report for me later
======================================
then:
run salitykiller and let it finish its scan completely
======================================
then:
▶ Relaunch List_Kill'em with the shortcut on your desktop.
but this time:
▶ choose the Clean option
▶▶▶ Click the button only once!!
let the tool work.
at the end of the scan the window closes, and you have a report named Kill'em.txt on your desktop,
▶ paste its contents in your reply
▶ send the zip Upload_ta-session_List_Kill'em.zip via cijoint.fr
========================================
then restart under the live CD and post all the corresponding reports
G3n-h@ckm@n ...... Designer of List_Kill'em...
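As an added example (not part of the original thread and not List_Kill'em's own code), this Python sketch decodes the NoDriveTypeAutoRun bitmask that the script above sets to 0x91, reading it from a constructed sample laid out like the Policies\explorer section of the List'em report posted further down. It assumes the HKLM value takes precedence over the HKCU one when both exist, as with the matching Group Policy setting; all function names are hypothetical.

```python
import re

# Bit n of NoDriveTypeAutoRun disables AutoRun for the drive type whose
# GetDriveType() value is n; bit 7 is reserved for unknown future types.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved",
}

# Constructed sample: same layout and values as the Policies\explorer
# section of the List'em report shown on this page.
SAMPLE_REPORT = r"""
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Policies\explorer
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 145 (0x91)
NoLogOff = 0 (0x0)
NoDriveAutoRun = 3 (0x3)
¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoLogoff = 0 (0x0)
HonorAutoRunSetting = 1 (0x1)
NoDriveAutoRun = 3 (0x3)
NoDriveTypeAutoRun = 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.+)\]$")
VALUE_RE = re.compile(r"^(\w+) = (\d+) \(0x[0-9a-fA-F]+\)$")


def parse_policies(report):
    """Return {hive: {lowercased value name: int}} for Policies\\explorer keys."""
    policies = {}
    hive = None
    for raw in report.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            # Only track values that sit under a Policies\explorer key.
            if key.group(2).lower().endswith(r"policies\explorer"):
                hive = key.group(1)
                policies.setdefault(hive, {})
            else:
                hive = None
            continue
        value = VALUE_RE.match(line)
        if value and hive:
            policies[hive][value.group(1).lower()] = int(value.group(2))
    return policies


def effective_mask(policies):
    """Pick the value in effect. Assumption: HKLM wins over HKCU when set."""
    for hive in ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER"):
        mask = policies.get(hive, {}).get("nodrivetypeautorun")
        if mask is not None:
            return hive, mask
    return None, None  # not configured: the OS default applies


def autorun_enabled_types(mask):
    """Drive types whose disable bit is NOT set, i.e. AutoRun still allowed."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit]


def audit(report):
    """Summarise which drive types still allow AutoRun according to a report."""
    policies = parse_policies(report)
    hive, mask = effective_mask(policies)
    return {
        "source": hive,
        "mask": mask,
        "per_hive": {h: v.get("nodrivetypeautorun") for h, v in policies.items()},
        "autorun_enabled": None if mask is None else autorun_enabled_types(mask),
    }


if __name__ == "__main__":
    result = audit(SAMPLE_REPORT)
    print("value in effect: %s = 0x%02X" % (result["source"], result["mask"]))
    print("AutoRun still enabled for:", ", ".join(result["autorun_enabled"]))
    print("0x91 alone would leave enabled:", ", ".join(autorun_enabled_types(0x91)))
```

On the sample, 0x91 by itself does not set the removable-drive bit (0x04), and under the stated precedence assumption the HKLM value of 0 is the one in effect, so every drive type is reported as still allowing AutoRun. A value of 0xFF sets all eight bits.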
Hi, I can't get the first link to open. I made several attempts in vain! Otherwise I have already downloaded the second utility (salityKiller)
Safe mode doesn't work either :-(
please be specific!
error messages, no access, black screen? how long do you wait? what steps do you take to get into it?
When I start XP, at boot time, well before the 'Windows XP ...' logo is displayed, I tap the F8 key and choose safe mode among the other boot modes. But it always comes back to that same selection screen after attempting to start. That is, when I choose safe mode, there is an attempt to boot, but the system returns to the selection screen.
ok
burn sality killer to a CD; use a CD-RW so you don't waste one for a few MB
unplug the internet cable, restart in normal mode, run sality killer from the CD; once it has finished,
do the script, restart under the live CD, plug the internet cable back in, then post the report(s)
just below the passage about safe mode above
at worst, paste the procedure into a text document that you'll find again under Windows; put it in C:\
I've just run the script and the report is available here:
http://www.cijoint.fr/cjlink.php?file=cj201102/cij28IwEs7.txt
I should point out that running sality killer did not produce a report. Also, I used my USB stick, since I had no CD at hand.
ok
restart your PC under Windows in normal mode, delete the list_kill'em installation folder in program files, download it again, install it, then redo the search mode with all protections disabled, firewall included
Getting ahead of things, here are the reports :-)
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.3.5 ¤¤¤¤¤¤¤¤¤¤
File Installation : C:\Documents and Settings\Admin\Bureau\List_Killem_Install.exe
User : Admin (Utilisateurs)
Update on 21/02/2011 by g3n-h@ckm@n ::::: 11.30
Start at: 18:42:08 | 21/02/2011
Intel(R) Pentium(R) 4 CPU 2.93GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
WebSite : Soon
Thx to MPuissanceIV for the icon
Windows Firewall Status : Disabled
AV : Avira AntiVir PersonalEdition 6.38.0.225
[ (!) Disabled | (!) Outdated ]
AV : avast! Antivirus 5.0.83886969 [ (!) Disabled | Updated ]
C:\ -> Disque fixe local | 75,77 Go (46,7 Go free) [Syst] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque fixe local | 73,27 Go (51,94 Go free) [Caisse] | NTFS
F:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
K:\ -> Disque amovible
M:\ -> Disque amovible | 1,86 Go (1,75 Go free) [LEXAR] | FAT32
¤¤¤¤¤ Sessions ¤¤¤¤¤
C:\Documents and settings\Admin
C:\Documents and settings\Public
Boot: Normal
¤¤¤¤¤¤ Processes -- Memory(Ko) -- Priority -- User -- Command -- Signer
C:\WINDOWS\System32\smss.exe -- 432 Ko -- Normal -- SYSTEM -- \SystemRoot\System32\smss.exe --
C:\WINDOWS\system32\csrss.exe -- 4228 Ko -- Normal -- SYSTEM -- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 --
C:\WINDOWS\system32\winlogon.exe -- 3628 Ko -- High -- SYSTEM -- winlogon.exe --
C:\WINDOWS\system32\services.exe -- 4412 Ko -- Normal -- SYSTEM -- C:\WINDOWS\system32\services.exe --
C:\WINDOWS\system32\lsass.exe -- 6420 Ko -- Normal -- SYSTEM -- C:\WINDOWS\system32\lsass.exe --
C:\WINDOWS\system32\svchost.exe -- 5008 Ko -- Normal -- SYSTEM -- C:\WINDOWS\system32\svchost -k DcomLaunch --
C:\WINDOWS\system32\svchost.exe -- 4272 Ko -- Normal -- -- C:\WINDOWS\system32\svchost -k rpcss --
C:\WINDOWS\System32\svchost.exe -- 26920 Ko -- Normal -- SYSTEM -- C:\WINDOWS\System32\svchost.exe -k netsvcs --
C:\WINDOWS\system32\svchost.exe -- 3604 Ko -- Normal -- SERVICE RÉSEAU -- C:\WINDOWS\system32\svchost.exe -k NetworkService --
C:\WINDOWS\system32\svchost.exe -- 3912 Ko -- Normal -- SERVICE LOCAL -- C:\WINDOWS\system32\svchost.exe -k LocalService --
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- 23216 Ko -- Normal -- SYSTEM -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- ALWIL Software
C:\WINDOWS\system32\spoolsv.exe -- 5568 Ko -- Normal -- SYSTEM -- C:\WINDOWS\system32\spoolsv.exe --
C:\WINDOWS\system32\svchost.exe -- 3804 Ko -- Normal -- -- C:\WINDOWS\system32\svchost.exe -k LocalService --
C:\WINDOWS\System32\svchost.exe -- 3736 Ko -- Normal -- SYSTEM -- C:\WINDOWS\System32\svchost.exe -k eapsvcs --
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- 2940 Ko -- Normal -- SYSTEM -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- Microsoft Corporation
C:\WINDOWS\system32\svchost.exe -- 4396 Ko -- Normal -- SYSTEM -- C:\WINDOWS\system32\svchost.exe -k imgsvc --
C:\WINDOWS\system32\wuauclt.exe -- 8308 Ko -- Normal -- SYSTEM -- C:\WINDOWS\system32\wuauclt.exe /RunStoreAsComServer Local\[3b4]SUSDS8aaf79c0e450a446a00672a355fb04ba -- Microsoft Windows Component Publisher
C:\WINDOWS\Explorer.EXE -- 29784 Ko -- Normal -- Admin -- C:\WINDOWS\Explorer.EXE --
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe -- 6088 Ko -- Normal -- Admin -- C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui -- ALWIL Software
C:\Program Files\Fichiers communs\Adaptec Shared\CreateCD\CreateCD50.exe -- 4104 Ko -- Normal -- Admin -- C:\Program Files\Fichiers communs\Adaptec Shared\CreateCD\CreateCD50.exe -r --
C:\Program Files\SuperCopier2\SuperCopier2.exe -- 3712 Ko -- Normal -- Admin -- C:\Program Files\SuperCopier2\SuperCopier2.exe --
C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE -- 14380 Ko -- Normal -- Admin -- C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE -m -- Microsoft Corporation
C:\WINDOWS\system32\ctfmon.exe -- 3248 Ko -- Normal -- Admin -- C:\WINDOWS\system32\ctfmon.exe --
C:\WINDOWS\system32\wscntfy.exe -- 2468 Ko -- Normal -- Admin -- C:\WINDOWS\system32\wscntfy.exe --
C:\WINDOWS\system32\wuauclt.exe -- 4300 Ko -- Normal -- Admin -- C:\WINDOWS\system32\wuauclt.exe -- Microsoft Windows Component Publisher
C:\WINDOWS\system32\cmd.exe -- 1824 Ko -- Normal -- Admin -- cmd /c C:\Program Files\List_Kill'em\List'em.bat --
C:\WINDOWS\system32\wbem\wmiprvse.exe -- 6844 Ko -- Normal -- -- C:\WINDOWS\system32\wbem\wmiprvse.exe --
C:\Program Files\List_Kill'em\pv.exe -- 2796 Ko -- Normal -- Admin -- pv.exe -o%f -- %m Ko -- %p -- %u -- %l -- %s --
¤¤¤¤¤¤¤¤¤¤ Keys Run ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SuperCopier2.exe = C:\Program Files\SuperCopier2\SuperCopier2.exe
E09FXLRD_22205234 = C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE -m
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
avast5 = C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
CreateCD50 = C:\Program Files\Fichiers communs\Adaptec Shared\CreateCD\CreateCD50.exe -r
AdaptecDirectCD = C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Policies\explorer
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 145 (0x91)
NoLogOff = 0 (0x0)
NoDriveAutoRun = 3 (0x3)
¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoLogoff = 0 (0x0)
HonorAutoRunSetting = 1 (0x1)
NoDriveAutoRun = 3 (0x3)
NoDriveTypeAutoRun = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ AppInit_DLLS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Winlogon
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 1 (0x1)
Shell = explorer.exe
Userinit = C:\WINDOWS\System32\userinit.exe,
System =
VMApplet = rundll32 shell32,Control_RunDLL sysdm.cpl
PowerdownAfterShutdown = 0
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Winlogon\Notify
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Explorer\ShellExecuteHooks
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =
¤¤¤¤¤¤¤¤¤¤ ActivX
¤¤¤¤¤¤¤¤¤¤ Open Ports
¤¤¤¤¤¤¤¤¤¤ BHO
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
¤¤¤¤¤¤¤¤¤¤ DNS
DNS Server Search Order: 172.16.0.111
DNS Server Search Order: 172.16.0.20
HKLM\SYSTEM\CCS\Services\Tcpip\..\{1BA7E80D-4A9F-46D1-8BE8-689C412B9CDE}: DhcpNameServer=217.64.98.67 217.64.98.37 172.16.0.111 172.16.0.20
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1BA7E80D-4A9F-46D1-8BE8-689C412B9CDE}: DhcpNameServer=217.64.98.67 217.64.98.37 172.16.0.111 172.16.0.20
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1BA7E80D-4A9F-46D1-8BE8-689C412B9CDE}: DhcpNameServer=217.64.98.67 217.64.98.37 172.16.0.111 172.16.0.20
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=217.64.98.67 217.64.98.37 172.16.0.111 172.16.0.20
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=217.64.98.67 217.64.98.37 172.16.0.111 172.16.0.20
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=217.64.98.67 217.64.98.37 172.16.0.111 172.16.0.20
¤¤¤¤¤¤¤¤¤¤ Internet Explorer
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤ Proxy
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyHttp1.1 = 1 (0x1)
ProxyEnable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Safemode
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
¤¤¤¤¤¤¤¤¤¤ SVC | svchost
svchost.exe 824 DcomLaunch, TermService
svchost.exe 880 RpcSs
svchost.exe 948 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
dmserver, ERSvc, EventSystem,
FastUserSwitchingCompatibility, helpsvc,
HidServ, LanmanServer, lanmanworkstation,
Netman, Nla, RasMan, Schedule, seclogon,
SENS, SharedAccess, ShellHWDetection,
srservice, TapiSrv, Themes, TrkWks, W32Time,
winmgmt, wscsvc, wuauserv, WZCSVC
svchost.exe 996 Dnscache
svchost.exe 1064 LmHosts, RemoteRegistry, SSDPSRV
svchost.exe 1592 WebClient
svchost.exe 1648 EapHost
svchost.exe 1928 stisvc
¤¤¤¤¤¤¤¤¤¤ IFEO | debugger
¤¤¤¤¤¤¤¤¤¤ Mountpoints2
¤¤¤¤¤¤¤¤¤¤ Services
¤ Ndisuio -> Start : 3 ( OK = 3 )
¤ EapHost -> Start : 2 ( OK = 2 )
¤ Ip6Fw -> Start : 2 ( OK = 2 )
¤ SharedAccess -> Start : 2 ( OK = 2 )
¤ wuauserv -> Start : 2 ( OK = 2 )
¤ wscsvc -> Start : 2 ( OK = 2 )
¤¤¤¤¤¤¤¤¤¤ First Scan
¤¤¤¤¤¤¤¤¤¤ HKCU | HKLM
[HKEY_CURRENT_USER\software\Aaspp]
[HKEY_CURRENT_USER\software\Actecom]
[HKEY_CURRENT_USER\software\Adaptec]
[HKEY_CURRENT_USER\software\Adobe]
[HKEY_CURRENT_USER\software\Ahead]
[HKEY_CURRENT_USER\software\ALWIL Software]
[HKEY_CURRENT_USER\software\ashampoo]
[HKEY_CURRENT_USER\software\ASIO4ALL v2 by Wuschel]
[HKEY_CURRENT_USER\software\Avira]
[HKEY_CURRENT_USER\software\Carambis]
[HKEY_CURRENT_USER\software\ESTsoft]
[HKEY_CURRENT_USER\software\Gaijin]
[HKEY_CURRENT_USER\software\GlarySoft]
[HKEY_CURRENT_USER\software\Hewlett-Packard]
[HKEY_CURRENT_USER\software\Intel]
[HKEY_CURRENT_USER\software\KasperskyLab]
[HKEY_CURRENT_USER\software\Macromedia]
[HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
[HKEY_CURRENT_USER\software\Microsoft]
[HKEY_CURRENT_USER\software\MicroVision]
[HKEY_CURRENT_USER\software\Nero]
[HKEY_CURRENT_USER\software\Netscape]
[HKEY_CURRENT_USER\software\Northcode Inc]
[HKEY_CURRENT_USER\software\Northern Codeworks]
[HKEY_CURRENT_USER\software\ODBC]
[HKEY_CURRENT_USER\software\Opera Software]
[HKEY_CURRENT_USER\software\PC SOFT]
[HKEY_CURRENT_USER\software\PDFCreator]
[HKEY_CURRENT_USER\software\Piriform]
[HKEY_CURRENT_USER\software\Policies]
[HKEY_CURRENT_USER\software\PowerQuest]
[HKEY_CURRENT_USER\software\PremiumSoft]
[HKEY_CURRENT_USER\software\Rapidtyping]
[HKEY_CURRENT_USER\software\SFX TEAM]
[HKEY_CURRENT_USER\software\Softonic]
[HKEY_CURRENT_USER\software\Sysinternals]
[HKEY_CURRENT_USER\software\Trolltech]
[HKEY_CURRENT_USER\software\TVideoGrabber]
[HKEY_CURRENT_USER\software\VB and VBA Program Settings]
[HKEY_CURRENT_USER\software\WinRAR SFX]
[HKEY_CURRENT_USER\software\wrfke]
[HKEY_CURRENT_USER\software\Classes]
[HKEY_LOCAL_MACHINE\software\Adaptec]
[HKEY_LOCAL_MACHINE\software\Adobe]
[HKEY_LOCAL_MACHINE\software\Agere]
[HKEY_LOCAL_MACHINE\software\Ahead]
[HKEY_LOCAL_MACHINE\software\ALWIL Software]
[HKEY_LOCAL_MACHINE\software\Ashampoo]
[HKEY_LOCAL_MACHINE\software\Audible]
[HKEY_LOCAL_MACHINE\software\C07ft5Y]
[HKEY_LOCAL_MACHINE\software\CDDB]
[HKEY_LOCAL_MACHINE\software\Classes]
[HKEY_LOCAL_MACHINE\software\Clients]
[HKEY_LOCAL_MACHINE\software\ESTsoft]
[HKEY_LOCAL_MACHINE\software\FreeCDRIP]
[HKEY_LOCAL_MACHINE\software\Gemplus]
[HKEY_LOCAL_MACHINE\software\GlarySoft]
[HKEY_LOCAL_MACHINE\software\Google]
[HKEY_LOCAL_MACHINE\software\H+BEDV]
[HKEY_LOCAL_MACHINE\software\Hewlett-Packard]
[HKEY_LOCAL_MACHINE\software\HP]
[HKEY_LOCAL_MACHINE\software\InstallShield]
[HKEY_LOCAL_MACHINE\software\Intel]
[HKEY_LOCAL_MACHINE\software\knight]
[HKEY_LOCAL_MACHINE\software\Macromedia]
[HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\software\Microsoft]
[HKEY_LOCAL_MACHINE\software\Mozilla]
[HKEY_LOCAL_MACHINE\software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\software\Nero]
[HKEY_LOCAL_MACHINE\software\ODBC]
[HKEY_LOCAL_MACHINE\software\Ontrack]
[HKEY_LOCAL_MACHINE\software\PhotoFiltre]
[HKEY_LOCAL_MACHINE\software\Piriform]
[HKEY_LOCAL_MACHINE\software\Policies]
[HKEY_LOCAL_MACHINE\software\PowerQuest]
[HKEY_LOCAL_MACHINE\software\Program Groups]
[HKEY_LOCAL_MACHINE\software\RapidTyping]
[HKEY_LOCAL_MACHINE\software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\software\Roxio]
[HKEY_LOCAL_MACHINE\software\Safer Networking Limited]
[HKEY_LOCAL_MACHINE\software\Schlumberger]
[HKEY_LOCAL_MACHINE\software\Secure]
[HKEY_LOCAL_MACHINE\software\Shunsoft]
[HKEY_LOCAL_MACHINE\software\Sony Corporation]
[HKEY_LOCAL_MACHINE\software\SONY PVC]
[HKEY_LOCAL_MACHINE\software\TrendMicro]
[HKEY_LOCAL_MACHINE\software\VideoLAN]
[HKEY_LOCAL_MACHINE\software\Windows 3.1 Migration Status]
[HKEY_LOCAL_MACHINE\software\X-AVCSD]
[HKEY_LOCAL_MACHINE\software\Yahoo]
¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤
Present !! : \AUTOEXEC.BAT
Present !! : C:\Documents and Settings\All Users\Application Data\hpzinstall.log
Present !! : C:\Documents and Settings\All Users\Application Data\hpzinstall.log
Present !! : C:\Documents and Settings\All Users\Application Data\hpzinstall.log
Present !! : C:\Documents and Settings\All Users\Application Data\hpzinstall.log
Present !! : C:\WINDOWS\SET34.tmp
Present !! : C:\WINDOWS\SET37.tmp
Present !! : C:\WINDOWS\SET43.tmp
Present !! : C:\WINDOWS\SET50.tmp
Present !! : C:\WINDOWS\SET53.tmp
Present !! : C:\WINDOWS\SET5F.tmp
Present !! : C:\WINDOWS\Fonts\GRGAREF.TTF
Present !! : C:\WINDOWS\System32\drivers\Sonyhcp.dll
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoLogoff
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoLogoff
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-21 18:44:49
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6Y160M0 rev.YAR511W0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x82D859C0]
3 CLASSPNP[0xF8693FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Ide\IdeDeviceP1T0L0-e[0x82DD3030]
kernel: MBR read successfully
user & kernel MBR OK
# Boot Size (MB) Type
1 Yes 77593 7 NTFS or HPFS
2 75031 15 WIN95: Extended partition, LBA-mapped
3 0 0 None
4 0 0 None
\.\C: --> \.\PhysicalDrive0 at offset 0x00000000'00007e00 (NTFS)
\.\E: --> \.\PhysicalDrive0 at offset 0x00000012'f1963e00 (NTFS)
Size Device Name MBR Status
--------------------------------------------
149 GB \.\PhysicalDrive0 Windows XP MBR code detected
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 18:45:59
***************************************************************
¤¤¤¤¤¤¤¤¤¤ More informations ¤¤¤¤¤¤¤¤¤¤
21/02 - 18:45
¤¤¤¤¤¤¤¤¤¤¤ Firewall Rules ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
¤¤¤¤¤¤¤¤¤¤¤ firewallpolicy
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
¤¤¤¤¤
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
¤¤¤¤¤¤¤¤¤¤¤ DLLs ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.3.5 ¤¤¤¤¤¤¤¤¤¤
File Installation : C:\Documents and Settings\Admin\Bureau\List_Killem_Install.exe
User : Admin (Utilisateurs)
Update on 21/02/2011 by g3n-h@ckm@n ::::: 11.30
Start at: 18:42:08 | 21/02/2011
Intel(R) Pentium(R) 4 CPU 2.93GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
WebSite : Soon
Thx to MPuissanceIV for the icon
Windows Firewall Status : Disabled
AV : Avira AntiVir PersonalEdition 6.38.0.225
[ (!) Disabled | (!) Outdated ]
AV : avast! Antivirus 5.0.83886969 [ (!) Disabled | Updated ]
C:\ -> Disque fixe local | 75,77 Go (46,7 Go free) [Syst] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque fixe local | 73,27 Go (51,94 Go free) [Caisse] | NTFS
F:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
K:\ -> Disque amovible
M:\ -> Disque amovible | 1,86 Go (1,75 Go free) [LEXAR] | FAT32
¤¤¤¤¤ Sessions ¤¤¤¤¤
C:\Documents and settings\Admin
C:\Documents and settings\Public
Boot: Normal
¤¤¤¤¤¤ Processes -- Memory(Ko) -- Priority -- User -- Command -- Signer
C:\WINDOWS\System32\smss.exe -- 432 Ko -- Normal -- SYSTEM -- \SystemRoot\System32\smss.exe --
C:\WINDOWS\system32\csrss.exe -- 4228 Ko -- Normal -- SYSTEM -- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 --
C:\WINDOWS\system32\winlogon.exe -- 3628 Ko -- High -- SYSTEM -- winlogon.exe --
C:\WINDOWS\system32\services.exe -- 4412 Ko -- Normal -- SYSTEM -- C:\WINDOWS\system32\services.exe --
C:\WINDOWS\system32\lsass.exe -- 6420 Ko -- Normal -- SYSTEM -- C:\WINDOWS\system32\lsass.exe --
C:\WINDOWS\system32\svchost.exe -- 5008 Ko -- Normal -- SYSTEM -- C:\WINDOWS\system32\svchost -k DcomLaunch --
C:\WINDOWS\system32\svchost.exe -- 4272 Ko -- Normal -- -- C:\WINDOWS\system32\svchost -k rpcss --
C:\WINDOWS\System32\svchost.exe -- 26920 Ko -- Normal -- SYSTEM -- C:\WINDOWS\System32\svchost.exe -k netsvcs --
C:\WINDOWS\system32\svchost.exe -- 3604 Ko -- Normal -- SERVICE RÉSEAU -- C:\WINDOWS\system32\svchost.exe -k NetworkService --
C:\WINDOWS\system32\svchost.exe -- 3912 Ko -- Normal -- SERVICE LOCAL -- C:\WINDOWS\system32\svchost.exe -k LocalService --
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- 23216 Ko -- Normal -- SYSTEM -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- ALWIL Software
C:\WINDOWS\system32\spoolsv.exe -- 5568 Ko -- Normal -- SYSTEM -- C:\WINDOWS\system32\spoolsv.exe --
C:\WINDOWS\system32\svchost.exe -- 3804 Ko -- Normal -- -- C:\WINDOWS\system32\svchost.exe -k LocalService --
C:\WINDOWS\System32\svchost.exe -- 3736 Ko -- Normal -- SYSTEM -- C:\WINDOWS\System32\svchost.exe -k eapsvcs --
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- 2940 Ko -- Normal -- SYSTEM -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- Microsoft Corporation
C:\WINDOWS\system32\svchost.exe -- 4396 Ko -- Normal -- SYSTEM -- C:\WINDOWS\system32\svchost.exe -k imgsvc --
C:\WINDOWS\system32\wuauclt.exe -- 8308 Ko -- Normal -- SYSTEM -- C:\WINDOWS\system32\wuauclt.exe /RunStoreAsComServer Local\[3b4]SUSDS8aaf79c0e450a446a00672a355fb04ba -- Microsoft Windows Component Publisher
C:\WINDOWS\Explorer.EXE -- 29784 Ko -- Normal -- Admin -- C:\WINDOWS\Explorer.EXE --
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe -- 6088 Ko -- Normal -- Admin -- C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui -- ALWIL Software
C:\Program Files\Fichiers communs\Adaptec Shared\CreateCD\CreateCD50.exe -- 4104 Ko -- Normal -- Admin -- C:\Program Files\Fichiers communs\Adaptec Shared\CreateCD\CreateCD50.exe -r --
C:\Program Files\SuperCopier2\SuperCopier2.exe -- 3712 Ko -- Normal -- Admin -- C:\Program Files\SuperCopier2\SuperCopier2.exe --
C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE -- 14380 Ko -- Normal -- Admin -- C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE -m -- Microsoft Corporation
C:\WINDOWS\system32\ctfmon.exe -- 3248 Ko -- Normal -- Admin -- C:\WINDOWS\system32\ctfmon.exe --
C:\WINDOWS\system32\wscntfy.exe -- 2468 Ko -- Normal -- Admin -- C:\WINDOWS\system32\wscntfy.exe --
C:\WINDOWS\system32\wuauclt.exe -- 4300 Ko -- Normal -- Admin -- C:\WINDOWS\system32\wuauclt.exe -- Microsoft Windows Component Publisher
C:\WINDOWS\system32\cmd.exe -- 1824 Ko -- Normal -- Admin -- cmd /c C:\Program Files\List_Kill'em\List'em.bat --
C:\WINDOWS\system32\wbem\wmiprvse.exe -- 6844 Ko -- Normal -- -- C:\WINDOWS\system32\wbem\wmiprvse.exe --
C:\Program Files\List_Kill'em\pv.exe -- 2796 Ko -- Normal -- Admin -- pv.exe -o%f -- %m Ko -- %p -- %u -- %l -- %s --
¤¤¤¤¤¤¤¤¤¤ Keys Run ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SuperCopier2.exe = C:\Program Files\SuperCopier2\SuperCopier2.exe
E09FXLRD_22205234 = C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE -m
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
avast5 = C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
CreateCD50 = C:\Program Files\Fichiers communs\Adaptec Shared\CreateCD\CreateCD50.exe -r
AdaptecDirectCD = C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Policies\explorer
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 145 (0x91)
NoLogOff = 0 (0x0)
NoDriveAutoRun = 3 (0x3)
¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoLogoff = 0 (0x0)
HonorAutoRunSetting = 1 (0x1)
NoDriveAutoRun = 3 (0x3)
NoDriveTypeAutoRun = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ AppInit_DLLS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Winlogon
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 1 (0x1)
Shell = explorer.exe
Userinit = C:\WINDOWS\System32\userinit.exe,
System =
VMApplet = rundll32 shell32,Control_RunDLL sysdm.cpl
PowerdownAfterShutdown = 0
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Winlogon\Notify
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Explorer\ShellExecuteHooks
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =
¤¤¤¤¤¤¤¤¤¤ ActivX
¤¤¤¤¤¤¤¤¤¤ Open Ports
¤¤¤¤¤¤¤¤¤¤ BHO
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
¤¤¤¤¤¤¤¤¤¤ DNS
DNS Server Search Order: 172.16.0.111
DNS Server Search Order: 172.16.0.20
HKLM\SYSTEM\CCS\Services\Tcpip\..\{1BA7E80D-4A9F-46D1-8BE8-689C412B9CDE}: DhcpNameServer=217.64.98.67 217.64.98.37 172.16.0.111 172.16.0.20
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1BA7E80D-4A9F-46D1-8BE8-689C412B9CDE}: DhcpNameServer=217.64.98.67 217.64.98.37 172.16.0.111 172.16.0.20
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1BA7E80D-4A9F-46D1-8BE8-689C412B9CDE}: DhcpNameServer=217.64.98.67 217.64.98.37 172.16.0.111 172.16.0.20
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=217.64.98.67 217.64.98.37 172.16.0.111 172.16.0.20
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=217.64.98.67 217.64.98.37 172.16.0.111 172.16.0.20
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=217.64.98.67 217.64.98.37 172.16.0.111 172.16.0.20
¤¤¤¤¤¤¤¤¤¤ Internet Explorer
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤ Proxy
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyHttp1.1 = 1 (0x1)
ProxyEnable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Safemode
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
¤¤¤¤¤¤¤¤¤¤ SVC | svchost
svchost.exe 824 DcomLaunch, TermService
svchost.exe 880 RpcSs
svchost.exe 948 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
dmserver, ERSvc, EventSystem,
FastUserSwitchingCompatibility, helpsvc,
HidServ, LanmanServer, lanmanworkstation,
Netman, Nla, RasMan, Schedule, seclogon,
SENS, SharedAccess, ShellHWDetection,
srservice, TapiSrv, Themes, TrkWks, W32Time,
winmgmt, wscsvc, wuauserv, WZCSVC
svchost.exe 996 Dnscache
svchost.exe 1064 LmHosts, RemoteRegistry, SSDPSRV
svchost.exe 1592 WebClient
svchost.exe 1648 EapHost
svchost.exe 1928 stisvc
¤¤¤¤¤¤¤¤¤¤ IFEO | debugger
¤¤¤¤¤¤¤¤¤¤ Mountpoints2
¤¤¤¤¤¤¤¤¤¤ Services
¤ Ndisuio -> Start : 3 ( OK = 3 )
¤ EapHost -> Start : 2 ( OK = 2 )
¤ Ip6Fw -> Start : 2 ( OK = 2 )
¤ SharedAccess -> Start : 2 ( OK = 2 )
¤ wuauserv -> Start : 2 ( OK = 2 )
¤ wscsvc -> Start : 2 ( OK = 2 )
¤¤¤¤¤¤¤¤¤¤ First Scan
¤¤¤¤¤¤¤¤¤¤ HKCU | HKLM
[HKEY_CURRENT_USER\software\Aaspp]
[HKEY_CURRENT_USER\software\Actecom]
[HKEY_CURRENT_USER\software\Adaptec]
[HKEY_CURRENT_USER\software\Adobe]
[HKEY_CURRENT_USER\software\Ahead]
[HKEY_CURRENT_USER\software\ALWIL Software]
[HKEY_CURRENT_USER\software\ashampoo]
[HKEY_CURRENT_USER\software\ASIO4ALL v2 by Wuschel]
[HKEY_CURRENT_USER\software\Avira]
[HKEY_CURRENT_USER\software\Carambis]
[HKEY_CURRENT_USER\software\ESTsoft]
[HKEY_CURRENT_USER\software\Gaijin]
[HKEY_CURRENT_USER\software\GlarySoft]
[HKEY_CURRENT_USER\software\Hewlett-Packard]
[HKEY_CURRENT_USER\software\Intel]
[HKEY_CURRENT_USER\software\KasperskyLab]
[HKEY_CURRENT_USER\software\Macromedia]
[HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
[HKEY_CURRENT_USER\software\Microsoft]
[HKEY_CURRENT_USER\software\MicroVision]
[HKEY_CURRENT_USER\software\Nero]
[HKEY_CURRENT_USER\software\Netscape]
[HKEY_CURRENT_USER\software\Northcode Inc]
[HKEY_CURRENT_USER\software\Northern Codeworks]
[HKEY_CURRENT_USER\software\ODBC]
[HKEY_CURRENT_USER\software\Opera Software]
[HKEY_CURRENT_USER\software\PC SOFT]
[HKEY_CURRENT_USER\software\PDFCreator]
[HKEY_CURRENT_USER\software\Piriform]
[HKEY_CURRENT_USER\software\Policies]
[HKEY_CURRENT_USER\software\PowerQuest]
[HKEY_CURRENT_USER\software\PremiumSoft]
[HKEY_CURRENT_USER\software\Rapidtyping]
[HKEY_CURRENT_USER\software\SFX TEAM]
[HKEY_CURRENT_USER\software\Softonic]
[HKEY_CURRENT_USER\software\Sysinternals]
[HKEY_CURRENT_USER\software\Trolltech]
[HKEY_CURRENT_USER\software\TVideoGrabber]
[HKEY_CURRENT_USER\software\VB and VBA Program Settings]
[HKEY_CURRENT_USER\software\WinRAR SFX]
[HKEY_CURRENT_USER\software\wrfke]
[HKEY_CURRENT_USER\software\Classes]
[HKEY_LOCAL_MACHINE\software\Adaptec]
[HKEY_LOCAL_MACHINE\software\Adobe]
[HKEY_LOCAL_MACHINE\software\Agere]
[HKEY_LOCAL_MACHINE\software\Ahead]
[HKEY_LOCAL_MACHINE\software\ALWIL Software]
[HKEY_LOCAL_MACHINE\software\Ashampoo]
[HKEY_LOCAL_MACHINE\software\Audible]
[HKEY_LOCAL_MACHINE\software\C07ft5Y]
[HKEY_LOCAL_MACHINE\software\CDDB]
[HKEY_LOCAL_MACHINE\software\Classes]
[HKEY_LOCAL_MACHINE\software\Clients]
[HKEY_LOCAL_MACHINE\software\ESTsoft]
[HKEY_LOCAL_MACHINE\software\FreeCDRIP]
[HKEY_LOCAL_MACHINE\software\Gemplus]
[HKEY_LOCAL_MACHINE\software\GlarySoft]
[HKEY_LOCAL_MACHINE\software\Google]
[HKEY_LOCAL_MACHINE\software\H+BEDV]
[HKEY_LOCAL_MACHINE\software\Hewlett-Packard]
[HKEY_LOCAL_MACHINE\software\HP]
[HKEY_LOCAL_MACHINE\software\InstallShield]
[HKEY_LOCAL_MACHINE\software\Intel]
[HKEY_LOCAL_MACHINE\software\knight]
[HKEY_LOCAL_MACHINE\software\Macromedia]
[HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\software\Microsoft]
[HKEY_LOCAL_MACHINE\software\Mozilla]
[HKEY_LOCAL_MACHINE\software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\software\Nero]
[HKEY_LOCAL_MACHINE\software\ODBC]
[HKEY_LOCAL_MACHINE\software\Ontrack]
[HKEY_LOCAL_MACHINE\software\PhotoFiltre]
[HKEY_LOCAL_MACHINE\software\Piriform]
[HKEY_LOCAL_MACHINE\software\Policies]
[HKEY_LOCAL_MACHINE\software\PowerQuest]
[HKEY_LOCAL_MACHINE\software\Program Groups]
[HKEY_LOCAL_MACHINE\software\RapidTyping]
[HKEY_LOCAL_MACHINE\software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\software\Roxio]
[HKEY_LOCAL_MACHINE\software\Safer Networking Limited]
[HKEY_LOCAL_MACHINE\software\Schlumberger]
[HKEY_LOCAL_MACHINE\software\Secure]
[HKEY_LOCAL_MACHINE\software\Shunsoft]
[HKEY_LOCAL_MACHINE\software\Sony Corporation]
[HKEY_LOCAL_MACHINE\software\SONY PVC]
[HKEY_LOCAL_MACHINE\software\TrendMicro]
[HKEY_LOCAL_MACHINE\software\VideoLAN]
[HKEY_LOCAL_MACHINE\software\Windows 3.1 Migration Status]
[HKEY_LOCAL_MACHINE\software\X-AVCSD]
[HKEY_LOCAL_MACHINE\software\Yahoo]
¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤
Present !! : \AUTOEXEC.BAT
Present !! : C:\Documents and Settings\All Users\Application Data\hpzinstall.log
Present !! : C:\Documents and Settings\All Users\Application Data\hpzinstall.log
Present !! : C:\Documents and Settings\All Users\Application Data\hpzinstall.log
Present !! : C:\Documents and Settings\All Users\Application Data\hpzinstall.log
Present !! : C:\WINDOWS\SET34.tmp
Present !! : C:\WINDOWS\SET37.tmp
Present !! : C:\WINDOWS\SET43.tmp
Present !! : C:\WINDOWS\SET50.tmp
Present !! : C:\WINDOWS\SET53.tmp
Present !! : C:\WINDOWS\SET5F.tmp
Present !! : C:\WINDOWS\Fonts\GRGAREF.TTF
Present !! : C:\WINDOWS\System32\drivers\Sonyhcp.dll
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoLogoff
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoLogoff
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-21 18:44:49
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6Y160M0 rev.YAR511W0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x82D859C0]
3 CLASSPNP[0xF8693FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Ide\IdeDeviceP1T0L0-e[0x82DD3030]
kernel: MBR read successfully
user & kernel MBR OK
# Boot Size (MB) Type
1 Yes 77593 7 NTFS or HPFS
2 75031 15 WIN95: Extended partition, LBA-mapped
3 0 0 None
4 0 0 None
\.\C: --> \.\PhysicalDrive0 at offset 0x00000000'00007e00 (NTFS)
\.\E: --> \.\PhysicalDrive0 at offset 0x00000012'f1963e00 (NTFS)
Size Device Name MBR Status
--------------------------------------------
149 GB \.\PhysicalDrive0 Windows XP MBR code detected
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 18:45:59
***************************************************************
¤¤¤¤¤¤¤¤¤¤ More informations ¤¤¤¤¤¤¤¤¤¤
21/02 - 18:45
¤¤¤¤¤¤¤¤¤¤¤ Firewall Rules ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
¤¤¤¤¤¤¤¤¤¤¤ firewallpolicy
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
¤¤¤¤¤
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
¤¤¤¤¤¤¤¤¤¤¤ DLLs ¤¤¤¤¤¤¤¤¤¤
0x76b50000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sfc.dll
0x76c10000 0x2a000 5.01.2600.5512 C:\WINDOWS\system32\sfc_os.dll
0x774a0000 0x13e000 5.01.2600.6010 C:\WINDOWS\system32\ole32.dll
0x77b50000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\Apphelp.dll
0x75140000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x72340000 0x1c000 5.01.2600.5512 C:\WINDOWS\system32\WINSCARD.DLL
0x76f00000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\WTSAPI32.dll
0x77210000 0xb1000 5.01.2600.5512 C:\WINDOWS\system32\sxs.dll
0x5b090000 0x38000 6.00.2900.5512 C:\WINDOWS\system32\uxtheme.dll
0x76ae0000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\WINMM.dll
0x76590000 0x1d000 5.01.2600.5512 C:\WINDOWS\system32\cscdll.dll
0x46fc0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\dimsntfy.dll
0x758e0000 0x1b000 5.01.2600.5512 C:\WINDOWS\system32\WlNotify.dll
0x71a60000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\MPR.dll
0x72f50000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\WINSPOOL.DRV
0x68000000 0x36000 5.01.2600.5507 C:\WINDOWS\system32\rsaenh.dll
0x71b50000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\SAMLIB.dll
0x77c40000 0x25000 5.01.2600.5876 C:\WINDOWS\system32\msv1_0.dll
0x76730000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x76d10000 0x19000 5.01.2600.5512 C:\WINDOWS\system32\iphlpapi.dll
0x76f10000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\wldap32.dll
0x76e90000 0x3c000 5.01.2600.5512 C:\WINDOWS\system32\RASAPI32.dll
0x76e40000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\rasman.dll
0x76e60000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\TAPI32.dll
0x76e30000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\rtutils.dll
0x765b0000 0x56000 5.01.2600.5512 C:\WINDOWS\system32\cscui.dll
0x01680000 0x2da000 5.01.2600.5512 C:\WINDOWS\system32\xpsp2res.dll
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x770e0000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77650000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\NTMARTA.DLL
0x72c70000 0x9000 5.01.2600.5512 C:\WINDOWS\system32\wdmaud.drv
0x72c60000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\msacm32.drv
0x77bb0000 0x15000 5.01.2600.5512 C:\WINDOWS\system32\MSACM32.dll
0x77ba0000 0x7000 5.01.2600.5512 C:\WINDOWS\system32\midimap.dll
No matching processes were found.
------------------------------------------------------------------------------
svchost.exe pid: 824
Command line: C:\WINDOWS\system32\svchost -k DcomLaunch
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x7c910000 0xb9000 5.01.2600.6055 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x106000 5.01.2600.5781 C:\WINDOWS\system32\kernel32.dll
0x77da0000 0xac000 5.01.2600.5755 C:\WINDOWS\system32\ADVAPI32.dll
0x77e50000 0x93000 5.01.2600.6022 C:\WINDOWS\system32\RPCRT4.dll
0x77fc0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\Secur32.dll
0x5cea0000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x595b0000 0x1ca000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcGenral.DLL
0x7e390000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x77ef0000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll
0x76ae0000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\WINMM.dll
0x774a0000 0x13e000 5.01.2600.6010 C:\WINDOWS\system32\ole32.dll
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x770e0000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.5512 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x825000 6.00.2900.6072 C:\WINDOWS\system32\SHELL32.dll
0x77f40000 0x76000 6.00.2900.5912 C:\WINDOWS\system32\SHLWAPI.dll
0x76960000 0xb6000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll
0x5b090000 0x38000 6.00.2900.5512 C:\WINDOWS\system32\UxTheme.dll
0x76320000 0x1d000 5.01.2600.5512 C:\WINDOWS\system32\IMM32.DLL
0x77390000 0x103000 6.00.2900.6028 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
0x58b50000 0x9a000 5.82.2900.6028 C:\WINDOWS\system32\comctl32.dll
0x77650000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\NTMARTA.DLL
0x71b50000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\SAMLIB.dll
0x76f10000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\WLDAP32.dll
0x76870000 0x64000 5.01.2600.5755 c:\windows\system32\rpcss.dll
0x719f0000 0x17000 5.01.2600.5512 c:\windows\system32\WS2_32.dll
0x719e0000 0x8000 5.01.2600.5512 c:\windows\system32\WS2HELP.dll
0x00670000 0x2da000 5.01.2600.5512 C:\WINDOWS\system32\xpsp2res.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x766a0000 0x54000 5.01.2600.5512 c:\windows\system32\termsrv.dll
0x74ee0000 0x6000 5.01.2600.5512 c:\windows\system32\ICAAPI.dll
0x778e0000 0xf8000 5.01.2600.5512 c:\windows\system32\SETUPAPI.dll
0x76be0000 0x2e000 5.131.2600.5922 c:\windows\system32\WINTRUST.dll
0x779e0000 0x97000 5.131.2600.5512 c:\windows\system32\CRYPT32.dll
0x77a80000 0x12000 5.01.2600.5875 c:\windows\system32\MSASN1.dll
0x76c40000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\IMAGEHLP.dll
0x77680000 0x12000 5.01.2600.5512 c:\windows\system32\AUTHZ.dll
0x75080000 0x1f000 5.01.2600.5512 c:\windows\system32\mstlsapi.dll
0x77c90000 0x32000 5.01.2600.5512 c:\windows\system32\ACTIVEDS.dll
0x76dc0000 0x25000 5.01.2600.5512 c:\windows\system32\adsldpc.dll
0x6fee0000 0x55000 5.01.2600.5694 c:\windows\system32\NETAPI32.dll
0x76ac0000 0x11000 3.05.2284.0002 c:\windows\system32\ATL.DLL
0x76b60000 0xf000 5.01.2600.5512 C:\WINDOWS\system32\REGAPI.dll
0x68000000 0x36000 5.01.2600.5507 C:\WINDOWS\system32\rsaenh.dll
0x77b50000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\Apphelp.dll
------------------------------------------------------------------------------
svchost.exe pid: 880
Command line: C:\WINDOWS\system32\svchost -k rpcss
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x7c910000 0xb9000 5.01.2600.6055 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x106000 5.01.2600.5781 C:\WINDOWS\system32\kernel32.dll
0x77da0000 0xac000 5.01.2600.5755 C:\WINDOWS\system32\ADVAPI32.dll
0x77e50000 0x93000 5.01.2600.6022 C:\WINDOWS\system32\RPCRT4.dll
0x77fc0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\Secur32.dll
0x5cea0000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x595b0000 0x1ca000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcGenral.DLL
0x7e390000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x77ef0000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll
0x76ae0000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\WINMM.dll
0x774a0000 0x13e000 5.01.2600.6010 C:\WINDOWS\system32\ole32.dll
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x770e0000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.5512 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x825000 6.00.2900.6072 C:\WINDOWS\system32\SHELL32.dll
0x77f40000 0x76000 6.00.2900.5912 C:\WINDOWS\system32\SHLWAPI.dll
0x76960000 0xb6000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll
0x5b090000 0x38000 6.00.2900.5512 C:\WINDOWS\system32\UxTheme.dll
0x76320000 0x1d000 5.01.2600.5512 C:\WINDOWS\system32\IMM32.DLL
0x77390000 0x103000 6.00.2900.6028 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
0x58b50000 0x9a000 5.82.2900.6028 C:\WINDOWS\system32\comctl32.dll
0x76870000 0x64000 5.01.2600.5755 c:\windows\system32\rpcss.dll
0x719f0000 0x17000 5.01.2600.5512 c:\windows\system32\WS2_32.dll
0x719e0000 0x8000 5.01.2600.5512 c:\windows\system32\WS2HELP.dll
0x00670000 0x2da000 5.01.2600.5512 C:\WINDOWS\system32\xpsp2res.dll
0x68000000 0x36000 5.01.2600.5507 C:\WINDOWS\system32\rsaenh.dll
0x71990000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x62e40000 0x59000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x76ed0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x76d10000 0x19000 5.01.2600.5512 C:\WINDOWS\system32\iphlpapi.dll
0x76f60000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\winrnr.dll
0x76f10000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\WLDAP32.dll
0x76f70000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\rasadhlp.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
------------------------------------------------------------------------------
svchost.exe pid: 948
Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\System32\svchost.exe
0x7c910000 0xb9000 5.01.2600.6055 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x106000 5.01.2600.5781 C:\WINDOWS\system32\kernel32.dll
0x77da0000 0xac000 5.01.2600.5755 C:\WINDOWS\system32\ADVAPI32.dll
0x77e50000 0x93000 5.01.2600.6022 C:\WINDOWS\system32\RPCRT4.dll
0x77fc0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\Secur32.dll
0x5cea0000 0x26000 5.01.2600.5512 C:\WINDOWS\System32\ShimEng.dll
0x595b0000 0x1ca000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcGenral.DLL
0x7e390000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x77ef0000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll
0x76ae0000 0x2f000 5.01.2600.5512 C:\WINDOWS\System32\WINMM.dll
0x774a0000 0x13e000 5.01.2600.6010 C:\WINDOWS\system32\ole32.dll
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x770e0000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.5512 C:\WINDOWS\System32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x825000 6.00.2900.6072 C:\WINDOWS\system32\SHELL32.dll
0x77f40000 0x76000 6.00.2900.5912 C:\WINDOWS\system32\SHLWAPI.dll
0x76960000 0xb6000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll
0x5b090000 0x38000 6.00.2900.5512 C:\WINDOWS\System32\UxTheme.dll
0x76320000 0x1d000 5.01.2600.5512 C:\WINDOWS\system32\IMM32.DLL
0x77390000 0x103000 6.00.2900.6028 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
0x58b50000 0x9a000 5.82.2900.6028 C:\WINDOWS\system32\comctl32.dll
0x77650000 0x21000 5.01.2600.5512 C:\WINDOWS\System32\NTMARTA.DLL
0x71b50000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\SAMLIB.dll
0x76f10000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\WLDAP32.dll
0x00630000 0x2da000 5.01.2600.5512 C:\WINDOWS\System32\xpsp2res.dll
0x776a0000 0x24000 6.00.2900.5512 c:\windows\system32\shsvcs.dll
0x762f0000 0x10000 5.01.2600.5512 C:\WINDOWS\System32\WINSTA.dll
0x6fee0000 0x55000 5.01.2600.5694 C:\WINDOWS\System32\NETAPI32.dll
0x7d4d0000 0x22000 5.01.2600.5512 c:\windows\system32\dhcpcsvc.dll
0x76ed0000 0x27000 5.01.2600.5625 c:\windows\system32\DNSAPI.dll
0x719f0000 0x17000 5.01.2600.5512 c:\windows\system32\WS2_32.dll
0x719e0000 0x8000 5.01.2600.5512 c:\windows\system32\WS2HELP.dll
0x76d10000 0x19000 5.01.2600.5512 c:\windows\system32\iphlpapi.dll
0x68000000 0x36000 5.01.2600.5507 C:\WINDOWS\System32\rsaenh.dll
0x71990000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x62e40000 0x59000 5.01.2600.5512 C:\WINDOWS\System32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x7db30000 0x8c000 5.01.2600.5512 c:\windows\system32\wzcsvc.dll
0x76e30000 0xe000 5.01.2600.5512 c:\windows\system32\rtutils.dll
0x76ce0000 0x4000 5.01.2600.5512 c:\windows\system32\WMI.dll
0x779e0000 0x97000 5.131.2600.5512 c:\windows\system32\CRYPT32.dll
0x77a80000 0x12000 5.01.2600.5875 c:\windows\system32\MSASN1.dll
0x71780000 0xb000 5.01.2600.5512 c:\windows\system32\EapolQec.dll
0x76ac0000 0x11000 3.05.2284.0002 c:\windows\system32\ATL.DLL
0x5bdf0000 0x16000 5.01.2600.5512 c:\windows\system32\QUtil.dll
0x76010000 0x65000 6.02.3104.0000 c:\windows\system32\MSVCP60.dll
0x5b660000 0xa000 5.01.2600.5512 c:\windows\system32\dot3api.dll
0x76f00000 0x8000 5.01.2600.5512 c:\windows\system32\WTSAPI32.dll
0x6f890000 0x111000 5.01.2600.5512 c:\windows\system32\ESENT.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\System32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\System32\COMRes.dll
0x7d500000 0x27000 5.01.2600.5886 C:\WINDOWS\System32\rastls.dll
0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\System32\CRYPTUI.dll
0x404a0000 0xe6000 8.00.6001.19019 C:\WINDOWS\system32\WININET.dll
0x014e0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x45180000 0x133000 8.00.6001.19019 C:\WINDOWS\system32\urlmon.dll
0x40b40000 0x1e9000 8.00.6001.19019 C:\WINDOWS\system32\iertutil.dll
0x76be0000 0x2e000 5.131.2600.5922 C:\WINDOWS\System32\WINTRUST.dll
0x76c40000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\IMAGEHLP.dll
0x76cf0000 0x18000 5.01.2600.5512 C:\WINDOWS\System32\MPRAPI.dll
0x77c90000 0x32000 5.01.2600.5512 C:\WINDOWS\System32\ACTIVEDS.dll
0x76dc0000 0x25000 5.01.2600.5512 C:\WINDOWS\System32\adsldpc.dll
0x778e0000 0xf8000 5.01.2600.5512 C:\WINDOWS\System32\SETUPAPI.dll
0x76e90000 0x3c000 5.01.2600.5512 C:\WINDOWS\System32\RASAPI32.dll
0x76e40000 0x12000 5.01.2600.5512 C:\WINDOWS\System32\rasman.dll
0x76e60000 0x2f000 5.01.2600.5512 C:\WINDOWS\System32\TAPI32.dll
0x76790000 0x28000 5.01.2600.6006 C:\WINDOWS\System32\SCHANNEL.dll
0x72340000 0x1c000 5.01.2600.5512 C:\WINDOWS\System32\WinSCard.dll
0x76ba0000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\PSAPI.DLL
0x76c90000 0x16000 5.01.2600.5886 C:\WINDOWS\System32\raschap.dll
0x77c40000 0x25000 5.01.2600.5876 C:\WINDOWS\system32\msv1_0.dll
0x76730000 0xc000 5.01.2600.5512 C:\WINDOWS\System32\cryptdll.dll
0x76b10000 0x34000 5.01.2600.5512 c:\windows\system32\schedsvc.dll
0x76740000 0x13000 5.01.2600.5512 c:\windows\system32\NTDSAPI.dll
0x74ec0000 0x5000 6.00.2900.5512 C:\WINDOWS\System32\MSIDLE.DLL
0x70da0000 0xd000 5.01.2600.5512 c:\windows\system32\audiosrv.dll
0x772d0000 0x23000 5.01.2600.5826 c:\windows\system32\wkssvc.dll
0x60ac0000 0x6b000 6.07.2600.5512 c:\windows\system32\qmgr.dll
0x71a60000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\MPR.dll
0x76720000 0x9000 6.00.2900.5512 c:\windows\system32\SHFOLDER.dll
0x4d5e0000 0x59000 5.01.2600.5868 c:\windows\system32\WINHTTP.dll
0x74f00000 0x9000 2600.5512.0503.0000 c:\windows\system32\dmserver.dll
0x76cc0000 0x12000 5.01.2600.5512 c:\windows\system32\cryptsvc.dll
0x752c0000 0x33000 5.01.2600.5512 c:\windows\system32\certcli.dll
0x77cd0000 0x33000 5.01.2600.5512 C:\WINDOWS\System32\netman.dll
0x76390000 0x1a9000 5.01.2600.5512 C:\WINDOWS\System32\netshell.dll
0x76bb0000 0x2f000 5.01.2600.5512 C:\WINDOWS\System32\credui.dll
0x72640000 0x6000 5.01.2600.5512 C:\WINDOWS\System32\dot3dlg.dll
0x73990000 0x28000 5.01.2600.5512 C:\WINDOWS\System32\OneX.DLL
0x6da60000 0x22000 5.01.2600.5512 C:\WINDOWS\System32\eappcfg.dll
0x200e0000 0xe000 5.01.2600.5512 C:\WINDOWS\System32\eappprxy.dll
0x72f80000 0x10000 5.01.2600.5512 C:\WINDOWS\System32\WZCSAPI.DLL
0x75000000 0x1b000 5.01.2600.6031 c:\windows\system32\srvsvc.dll
0x68d40000 0x9000 5.01.2600.5512 c:\windows\system32\hidserv.dll
0x68d50000 0x9000 5.01.2600.5512 c:\windows\system32\HID.DLL
0x74eb0000 0xc000 5.01.2600.5512 c:\windows\pchealth\helpctr\binaries\pchsvc.dll
0x776d0000 0x44000 2001.12.4414.0706 c:\windows\system32\es.dll
0x74ef0000 0x9000 5.01.2600.5512 c:\windows\system32\ersvc.dll
0x73c70000 0x8000 5.01.2600.5512 c:\windows\system32\seclogon.dll
0x75110000 0x2e000 5.01.2600.5512 c:\windows\system32\srsvc.dll
0x74a40000 0x8000 6.00.2900.5512 c:\windows\system32\POWRPROF.dll
0x72240000 0xd000 5.01.2600.5512 c:\windows\system32\sens.dll
0x74fe0000 0x19000 5.01.2600.5512 c:\windows\system32\trkwks.dll
0x76d90000 0x16000 5.01.2600.5512 c:\windows\system32\browser.dll
0x50000000 0x5000 5.04.3790.5512 c:\windows\system32\wuauserv.dll
0x4f0b0000 0x28000 5.01.2600.5512 c:\windows\system32\wbem\wmisvc.dll
0x75350000 0x6d000 5.01.2600.5512 C:\WINDOWS\system32\VSSAPI.DLL
0x50040000 0x1d9000 7.04.7600.0226 C:\WINDOWS\system32\wuaueng.dll
0x72f50000 0x26000 5.01.2600.5512 C:\WINDOWS\System32\WINSPOOL.DRV
0x750c0000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\Cabinet.dll
0x60440000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\mspatcha.dll
0x76760000 0x2d000 5.01.2600.5512 c:\windows\system32\w32time.dll
0x66890000 0x56000 5.01.2600.5512 c:\windows\system32\ipnathlp.dll
0x77680000 0x12000 5.01.2600.5512 c:\windows\system32\AUTHZ.dll
0x4c190000 0x17000 5.01.2600.5512 c:\windows\system32\wscsvc.dll
0x7d200000 0x2bc000 3.01.4001.5512 c:\windows\system32\msi.dll
0x75200000 0x37000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemcomn.dll
0x76250000 0x85000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemcore.dll
0x75280000 0x3f000 5.01.2600.5512 C:\WINDOWS\system32\wbem\esscli.dll
0x75610000 0x76000 5.01.2600.5755 C:\WINDOWS\system32\wbem\FastProx.dll
0x77210000 0xb1000 5.01.2600.5512 C:\WINDOWS\System32\SXS.DLL
0x74f90000 0x1c000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wmiutils.dll
0x75170000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\wbem\repdrvfs.dll
0x76080000 0x13c000 2001.12.4414.0702 C:\WINDOWS\system32\comsvcs.dll
0x750a0000 0x14000 2001.12.4414.0700 C:\WINDOWS\system32\colbact.DLL
0x75060000 0x13000 2001.12.4414.0706 C:\WINDOWS\system32\MTXCLU.DLL
0x71a10000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\WSOCK32.dll
0x76d50000 0x12000 5.01.2600.5512 C:\WINDOWS\System32\CLUSAPI.DLL
0x75020000 0x12000 5.01.2600.5512 C:\WINDOWS\System32\RESUTILS.DLL
0x76f60000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\winrnr.dll
0x76b50000 0x5000 5.01.2600.5512 C:\WINDOWS\System32\sfc.dll
0x76c10000 0x2a000 5.01.2600.5512 C:\WINDOWS\System32\sfc_os.dll
0x41d50000 0x72000 5.01.2600.5755 C:\WINDOWS\system32\wbem\wmiprvsd.dll
0x5fb00000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\NCObjAPI.DLL
0x75300000 0x46000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemess.dll
0x77b50000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\Apphelp.dll
0x5fad0000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\ncprov.dll
0x50f00000 0xd000 7.04.7600.0226 C:\WINDOWS\system32\wups2.dll
0x73330000 0x40000 5.01.2600.5512 c:\windows\system32\tapisrv.dll
0x7def0000 0x32000 5.01.2600.5512 c:\windows\system32\rasmans.dll
0x742d0000 0xb000 5.01.2600.5512 c:\windows\system32\WINIPSEC.DLL
0x75570000 0x9d000 5.01.2600.5512 c:\windows\system32\netcfgx.dll
0x75880000 0x11000 5.01.2600.5512 C:\WINDOWS\System32\rastapi.dll
0x57f70000 0x36000 5.01.2600.5512 C:\WINDOWS\System32\unimdm.tsp
0x71f70000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\uniplat.dll
0x76f70000 0x6000 5.01.2600.5512 C:\WINDOWS\System32\rasadhlp.dll
0x5b390000 0x16000 5.01.2600.5512 C:\WINDOWS\System32\unimdmat.dll
0x61a20000 0x29000 5.01.2600.5512 C:\WINDOWS\system32\modemui.dll
0x57ff0000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\kmddsp.tsp
0x57fd0000 0x10000 5.01.2600.5512 C:\WINDOWS\System32\ndptsp.tsp
0x58000000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\ipconf.tsp
0x58020000 0x46000 5.01.2600.5512 C:\WINDOWS\System32\h323.tsp
0x58010000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\hidphone.tsp
0x721b0000 0x37000 5.01.2600.5512 C:\WINDOWS\System32\rasppp.dll
0x72400000 0x6000 5.01.2600.5512 C:\WINDOWS\System32\ntlsapi.dll
0x71c50000 0x4c000 5.01.2600.6059 C:\WINDOWS\system32\kerberos.dll
0x74550000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\RASQEC.DLL
0x76df0000 0x24000 5.01.2600.5512 C:\WINDOWS\system32\upnp.dll
0x74e70000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\SSDPAPI.dll
0x754c0000 0xaa000 5.01.2600.5512 C:\WINDOWS\System32\RASDLG.dll
0x748f0000 0x123000 8.100.1052.0000 C:\WINDOWS\system32\msxml3.dll
0x68100000 0x26000 5.01.2600.5507 C:\WINDOWS\System32\dssenh.dll
0x74e40000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll
------------------------------------------------------------------------------
svchost.exe pid: 996
Command line: C:\WINDOWS\system32\svchost.exe -k NetworkService
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x7c910000 0xb9000 5.01.2600.6055 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x106000 5.01.2600.5781 C:\WINDOWS\system32\kernel32.dll
0x77da0000 0xac000 5.01.2600.5755 C:\WINDOWS\system32\ADVAPI32.dll
0x77e50000 0x93000 5.01.2600.6022 C:\WINDOWS\system32\RPCRT4.dll
0x77fc0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\Secur32.dll
0x5cea0000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x595b0000 0x1ca000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcGenral.DLL
0x7e390000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x77ef0000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll
0x76ae0000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\WINMM.dll
0x774a0000 0x13e000 5.01.2600.6010 C:\WINDOWS\system32\ole32.dll
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x770e0000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.5512 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x825000 6.00.2900.6072 C:\WINDOWS\system32\SHELL32.dll
0x77f40000 0x76000 6.00.2900.5912 C:\WINDOWS\system32\SHLWAPI.dll
0x76960000 0xb6000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll
0x5b090000 0x38000 6.00.2900.5512 C:\WINDOWS\system32\UxTheme.dll
0x76320000 0x1d000 5.01.2600.5512 C:\WINDOWS\system32\IMM32.DLL
0x77390000 0x1030