Problem with Trojan Agent.ABNH

Solved/Closed
kilrathy2 (Posts: 8, Registered: Saturday 1 September 2007, Status: Member, Last activity: 6 December 2008) - 1 Sep 2007 at 20:13
kilrathy2 - 2 Sep 2007 at 19:00
Hello

So, on my personal PC I can't get rid of a trojan that infects windows/system32/winservcs32.dll
Every time I manage to delete this file it is immediately recreated.

Here are my logs:

Hello

My PC running XP is infected by the trojan Win32:Agent-KCT (detected by Avast!). The file C:\WINDOWS\system32\winservcs32.dll\[Upack] is the culprit, but if I delete it directly under Windows it is immediately recreated.

What should I do?

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 17:32:39 01/09/2007
+ Résultat de l'analyse:
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0H3NEAAS\msvbedll[1].dll -> Backdoor.Agobot.akd : Aucune action entreprise.
C:\WINDOWS\system32\winservcs32.dll -> Backdoor.Agobot.akd : Aucune action entreprise.
Fin du rapport


---------------------------------------------------------
BitDefender Online Scanner
---------------------------------------------------------
Scan report generated at: Sat, Sep 01, 2007 - 19:57:52
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time: 01:01:52
Files: 484673
Folders: 7142
Boot Sectors: 3
Archives: 13860
Packed Files: 47155

Results
Identified Viruses: 1
Infected Files: 3
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 2

Engines Info
Virus Definitions: 750951
Engine build: AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)

Scanned File | Status
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KHMAPLO2\msvbedll[1].dll | Infected with: Trojan.Agent.ABNH
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KHMAPLO2\msvbedll[1].dll | Disinfection failed
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KHMAPLO2\msvbedll[1].dll | Deleted
C:\WINDOWS\system32\msvc32.dll | Infected with: Trojan.Agent.ABNH
C:\WINDOWS\system32\msvc32.dll | Disinfection failed
C:\WINDOWS\system32\msvc32.dll | Delete failed
C:\WINDOWS\system32\winservcs32.dll | Infected with: Trojan.Agent.ABNH
C:\WINDOWS\system32\winservcs32.dll | Disinfection failed
C:\WINDOWS\system32\winservcs32.dll | Deleted


---------------------------------------------------------
Logfile of HijackThis v1.99.1
---------------------------------------------------------
Scan saved at 20:09:01, on 01/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\rnamfler\naofsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\rnamfler\naomf.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\rnamfler\radprcmp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP03593 - {27184DFB-DC33-4b40-B62E-D561770E87B5} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: (no name) - {81CFC095-AC7A-4B6C-9EBF-9B353A7A7EE2} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: WPBM.exe.lnk = C:\Program Files\Wallpaper Boot Master DEMO\WPBM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,95/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://62.201.137.56/mmawap/jsp/composer/player/mmsPlayer.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.nordnet.com/securite
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)


Thanks for your help.

6 replies

Anonymous user
1 Sep 2007 at 20:41
Hello

What firewall do you have?


¤ ¤ Download this program, then double-click on it (close your antivirus if it detects anything)
http://www.suspectfile.com/systemscan/

* Check only these boxes, uncheck everything else:

- Recent Files, 30 days
- Loaded modules
- Hidden objects
- Suspicious files

Then click on scan now and be patient.
Once it has finished, a report will open; copy and paste its contents here and check that it is complete; if needed, create two messages.
0
For the firewall I only have the Windows XP one.

I'll look into the systemscan...
0
Attached is the systemscan

SystemScan - www.suspectfile.com - ver. 3.2.0

Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS

Date: 02/09/2007
Time: 01:32:25

Output limited to:
-Recent files
-Loaded Dlls
-Hidden objects
-Suspicious Files

===================== Recent files (30 days old)=====================

----- recent files in C:\
15/08/2007 00:03:24 (DIR) 0 byte 18 days old -- Config.Msi
24/08/2007 19:38:35 1071804416 byte 9 days old -- hiberfil.sys
31/08/2007 03:03:01 302966 byte 2 days old -- winzip.log
31/08/2007 16:02:00 3965 byte 2 days old -- rapport.txt
31/08/2007 18:16:20 495 byte 2 days old -- stub.log
01/09/2007 20:08:41 (DIR) 0 byte 1 days old -- Program Files
02/09/2007 01:12:36 1610612736 byte 0 days old -- pagefile.sys
02/09/2007 01:16:42 (DIR) 0 byte 0 days old -- WINDOWS
02/09/2007 01:32:24 (DIR) 0 byte 0 days old -- suspectfile

----- recent files in C:\WINDOWS\
15/08/2007 00:03:05 (DIR) 0 byte 18 days old -- $NtUninstallKB936782_WMP10$
15/08/2007 00:03:23 (DIR) 0 byte 18 days old -- WinSxS
15/08/2007 00:03:24 (DIR) 0 byte 18 days old -- Installer
15/08/2007 00:04:00 (DIR) 0 byte 18 days old -- ie7updates
15/08/2007 00:06:23 (DIR) 0 byte 18 days old -- $NtUninstallKB938829$
15/08/2007 00:06:34 (DIR) 0 byte 18 days old -- $NtUninstallKB921503$
15/08/2007 00:06:40 (DIR) 0 byte 18 days old -- $NtUninstallKB938828$
15/08/2007 00:06:46 (DIR) 0 byte 18 days old -- $NtUninstallKB936021$
15/08/2007 01:04:17 (DIR) 0 byte 18 days old -- Debug
16/08/2007 16:23:54 (DIR) 0 byte 17 days old -- Prefetch
24/08/2007 19:40:36 (DIR) 0 byte 9 days old -- Help
29/08/2007 15:56:47 (DIR) 0 byte 4 days old -- $hf_mig$
29/08/2007 18:01:19 (DIR) 0 byte 4 days old -- $NtUninstallKB933360$
30/08/2007 22:59:21 0 byte 3 days old -- Sti_Trace.log
30/08/2007 23:14:30 (DIR) 0 byte 3 days old -- Nouveau dossier
31/08/2007 21:21:18 19759 byte 2 days old -- cool.ini
31/08/2007 21:55:44 1880 byte 2 days old -- AUTOLNCH.REG
01/09/2007 17:37:30 (DIR) 0 byte 1 days old -- inf
01/09/2007 17:37:33 (DIR) 0 byte 1 days old -- Downloaded Program Files
01/09/2007 18:54:28 (DIR) 0 byte 1 days old -- Minidump
01/09/2007 19:59:36 49664 byte 1 days old -- Thumbs.db
01/09/2007 20:05:25 (DIR) 0 byte 1 days old -- BDOSCAN8
01/09/2007 23:38:21 5024 byte 1 days old -- SchedLgU.Txt
02/09/2007 01:12:39 2048 byte 0 days old -- bootstat.dat
02/09/2007 01:12:45 50 byte 0 days old -- wiaservc.log
02/09/2007 01:12:46 140483 byte 0 days old -- WindowsUpdate.log
02/09/2007 01:12:49 159 byte 0 days old -- wiadebug.log
02/09/2007 01:16:22 4932601 byte 0 days old -- {00000005-00000000-00000003-00001102-00000004-20061102}.CDF
02/09/2007 01:16:42 (DIR) 0 byte 0 days old -- Temp
02/09/2007 01:16:48 (DIR) 0 byte 0 days old -- system32

----- recent files in C:\WINDOWS\Downloaded Program Files\

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
19/08/2007 00:52:30 3334 byte 14 days old -- msvc32.dll
24/08/2007 19:38:56 1094 byte 9 days old -- stanby.reg
29/08/2007 18:01:18 249356 byte 4 days old -- TZLog.log
29/08/2007 18:31:19 (DIR) 0 byte 4 days old -- dllcache
30/08/2007 21:10:01 22528 byte 3 days old -- Thumbs.db
30/08/2007 22:22:07 3112 byte 3 days old -- CONFIG.NT
30/08/2007 22:59:00 (DIR) 0 byte 3 days old -- config
31/08/2007 16:01:53 0 byte 2 days old -- tmp.txt
31/08/2007 16:01:53 1792 byte 2 days old -- tmp.reg
01/09/2007 23:05:17 8786 byte 1 days old -- winservcs32.dll
01/09/2007 23:32:45 (DIR) 0 byte 1 days old -- CatRoot2
01/09/2007 23:38:41 1080 byte 1 days old -- settingsbkup.sfm
01/09/2007 23:38:41 1080 byte 1 days old -- settings.sfm
01/09/2007 23:38:41 31368 byte 1 days old -- BMXCtrlState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
01/09/2007 23:38:41 32000 byte 1 days old -- BMXStateBkp-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
01/09/2007 23:38:41 32000 byte 1 days old -- BMXState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
01/09/2007 23:38:41 31368 byte 1 days old -- BMXBkpCtrlState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
01/09/2007 23:38:41 384 byte 1 days old -- DVCStateBkp-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
01/09/2007 23:38:41 384 byte 1 days old -- DVCState-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
02/09/2007 01:13:18 (DIR) 0 byte 0 days old -- drivers
02/09/2007 01:16:40 2206 byte 0 days old -- wpa.dbl
02/09/2007 01:16:47 62972 byte 0 days old -- perfc040.dat
02/09/2007 01:16:47 444564 byte 0 days old -- perfh040.dat
02/09/2007 01:16:48 53436 byte 0 days old -- perfc009.dat
02/09/2007 01:16:48 64484 byte 0 days old -- perfc00C.dat
02/09/2007 01:16:48 956698 byte 0 days old -- PerfStringBackup.INI
02/09/2007 01:16:48 446566 byte 0 days old -- perfh00C.dat
02/09/2007 01:16:48 381692 byte 0 days old -- perfh009.dat

----- recent files in C:\WINDOWS\system32\drivers\

----- recent files in C:\WINDOWS\temp\
02/09/2007 01:12:44 16384 byte 0 days old -- Perflib_Perfdata_7cc.dat
02/09/2007 01:24:09 (DIR) 0 byte 0 days old -- _avast4_

----- recent files in C:\Program Files\
15/08/2007 00:04:08 (DIR) 0 byte 18 days old -- Internet Explorer
15/08/2007 23:31:55 (DIR) 0 byte 18 days old -- Real Alternative
29/08/2007 18:23:04 (DIR) 0 byte 4 days old -- eMule
30/08/2007 22:22:01 (DIR) 0 byte 3 days old -- Avast4
30/08/2007 22:56:35 (DIR) 0 byte 3 days old -- WMR11
30/08/2007 22:56:54 (DIR) 0 byte 3 days old -- WinISO
31/08/2007 15:55:43 (DIR) 0 byte 2 days old -- Hoster
31/08/2007 16:02:00 (DIR) 0 byte 2 days old -- SmitfraudFix
01/09/2007 18:28:14 (DIR) 0 byte 1 days old -- X2 - The Threat
01/09/2007 20:09:01 (DIR) 0 byte 1 days old -- Hijackthis Version Française
01/09/2007 23:32:49 (DIR) 0 byte 1 days old -- rnamfler

----- recent files in C:\Program Files\Fichiers communs\

----- recent files in C:\Documents and Settings\PATRICK\Application Data\

----- recent files in C:\DOCUME~1\PATRICK\LOCALS~1\Temp\
02/09/2007 01:21:34 173 byte 0 days old -- jusched.log
02/09/2007 01:31:43 16384 byte 0 days old -- ~DF8C49.tmp
02/09/2007 01:31:43 (DIR) 0 byte 0 days old -- nsv32.tmp

===================== loaded Dlls =====================

*** NOTE *** Process sqithpttpx.exe belongs to SystemScan
Already known legit dlls are not shown

------------------------------------------------------------------------------
System pid: 4
Command line: <no command line>
------------------------------------------------------------------------------
smss.exe pid: 952
Command line: \SystemRoot\System32\smss.exe

Base Size Version Path
0x48580000 0xf000 \SystemRoot\System32\smss.exe
------------------------------------------------------------------------------
csrss.exe pid: 1000
Command line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

Base Size Version Path
0x4a680000 0x5000 \??\C:\WINDOWS\system32\csrss.exe
0x75ad0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\CSRSRV.dll
0x75ae0000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\basesrv.dll
0x75af0000 0x4b000 5.01.2600.3103 C:\WINDOWS\system32\winsrv.dll
0x012c0000 0x1a000 C:\Program Files\rnamfler\radprlib.dll
------------------------------------------------------------------------------
winlogon.exe pid: 1188
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x77680000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x01250000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x75ed0000 0x13000 5.131.2600.2180 C:\WINDOWS\system32\cryptnet.dll
0x72220000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\SensApi.dll
0x5d260000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\sclgntfy.dll
0x75ef0000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\drprov.dll
0x71b70000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\ntlanman.dll
0x71c30000 0x17000 5.01.2600.2180 C:\WINDOWS\System32\NETUI0.dll
0x71bf0000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\NETUI1.dll
0x75f00000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\davclnt.dll
0x00bd0000 0x1a000 C:\Program Files\rnamfler\radprlib.dll
------------------------------------------------------------------------------
services.exe pid: 1236
Command line: C:\WINDOWS\system32\services.exe

Base Size Version Path
0x01000000 0x1c000 5.01.2600.2180 C:\WINDOWS\system32\services.exe
0x76a20000 0x53000 5.01.2600.2180 C:\WINDOWS\system32\SCESRV.dll
0x77680000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
0x7dbc0000 0x21000 5.01.2600.2744 C:\WINDOWS\system32\umpnpmgr.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x77b80000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\eventlog.dll
0x00780000 0x1a000 C:\Program Files\rnamfler\radprlib.dll
------------------------------------------------------------------------------
lsass.exe pid: 1248
Command line: C:\WINDOWS\system32\lsass.exe

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\lsass.exe
0x756b0000 0xb5000 5.01.2600.2976 C:\WINDOWS\system32\LSASRV.dll
0x76740000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
0x76ed0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x743b0000 0x6e000 5.01.2600.2180 C:\WINDOWS\system32\SAMSRV.dll
0x76730000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\cryptdll.dll
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x20000000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\msprivs.dll
0x71c50000 0x4b000 5.01.2600.2698 C:\WINDOWS\system32\kerberos.dll
0x74420000 0x65000 5.01.2600.2180 C:\WINDOWS\system32\netlogon.dll
0x76760000 0x2d000 5.01.2600.2180 C:\WINDOWS\system32\w32time.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x76790000 0x27000 5.01.2600.3126 C:\WINDOWS\system32\schannel.dll
0x742e0000 0xf000 5.01.2600.2874 C:\WINDOWS\system32\wdigest.dll
0x74370000 0x30000 5.01.2600.2180 C:\WINDOWS\system32\scecli.dll
0x74340000 0x30000 5.01.2600.2180 C:\WINDOWS\system32\ipsecsvc.dll
0x77680000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
0x75dd0000 0xce000 5.01.2600.2180 C:\WINDOWS\system32\oakley.DLL
0x742d0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\WINIPSEC.DLL
0x74300000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\pstorsvc.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x74320000 0x1b000 5.01.2600.2180 C:\WINDOWS\system32\psbase.dll
0x68100000 0x24000 5.01.2600.2133 C:\WINDOWS\system32\dssenh.dll
0x00fd0000 0x1a000 C:\Program Files\rnamfler\radprlib.dll
------------------------------------------------------------------------------
ati2evxx.exe pid: 1400
Command line: C:\WINDOWS\system32\Ati2evxx.exe

Base Size Version Path
0x00400000 0x6b000 6.14.0010.4109 C:\WINDOWS\system32\Ati2evxx.exe
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x00ad0000 0xc000 6.14.0010.2495 C:\WINDOWS\system32\Ati2edxx.dll
0x00dc0000 0x1a000 C:\Program Files\rnamfler\radprlib.dll
------------------------------------------------------------------------------
svchost.exe pid: 1416
Command line: C:\WINDOWS\system32\svchost -k DcomLaunch

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x77680000 0x11000 5.01.2600.2622 c:\windows\system32\AUTHZ.dll
0x76ac0000 0x11000 3.05.2284.0000 c:\windows\system32\ATL.DLL
0x00dd0000 0x1a000 C:\Program Files\rnamfler\radprlib.dll
------------------------------------------------------------------------------
svchost.exe pid: 1484
Command line: C:\WINDOWS\system32\svchost -k rpcss

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x76ed0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x00a10000 0x1a000 C:\Program Files\rnamfler\radprlib.dll
------------------------------------------------------------------------------
svchost.exe pid: 1628
Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76ed0000 0x27000 5.01.2600.2938 c:\windows\system32\DNSAPI.dll
0x76ac0000 0x11000 3.05.2284.0000 c:\windows\system32\ATL.DLL
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\System32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x00d90000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16512 C:\WINDOWS\system32\iertutil.dll
0x76790000 0x27000 5.01.2600.3126 C:\WINDOWS\System32\SCHANNEL.dll
0x76740000 0x13000 5.01.2600.2180 c:\windows\system32\NTDSAPI.dll
0x776d0000 0x41000 2001.12.4414.0308 c:\windows\system32\es.dll
0x74eb0000 0xc000 5.01.2600.2180 c:\windows\pchealth\helpctr\binaries\pchsvc.dll
0x76bb0000 0x2f000 5.01.2600.2180 c:\windows\system32\credui.dll
0x10000000 0x39000 1.03.0000.0000 c:\windows\system32\msvc32.dll
0x76760000 0x2d000 5.01.2600.2180 c:\windows\system32\w32time.dll
0x76010000 0x65000 6.02.3104.0000 c:\windows\system32\MSVCP60.dll
0x4f0b0000 0x28000 5.01.2600.2180 c:\windows\system32\wbem\wmisvc.dll
0x77680000 0x11000 5.01.2600.2622 c:\windows\system32\AUTHZ.dll
0x74e40000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\wbem\wbemsvc.dll
0x742d0000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\WINIPSEC.DLL
0x57f70000 0x36000 5.01.2600.2180 C:\WINDOWS\System32\unimdm.tsp
0x57ff0000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\kmddsp.tsp
0x57fd0000 0x10000 5.01.2600.2180 C:\WINDOWS\System32\ndptsp.tsp
0x58000000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\ipconf.tsp
0x58020000 0x46000 5.01.2600.2180 C:\WINDOWS\System32\h323.tsp
0x58010000 0xa000 5.01.2600.2180 C:\WINDOWS\System32\hidphone.tsp
0x71c50000 0x4b000 5.01.2600.2698 C:\WINDOWS\system32\kerberos.dll
0x76730000 0xc000 5.01.2600.2180 C:\WINDOWS\System32\cryptdll.dll
0x01ba0000 0x1a000 C:\Program Files\rnamfler\radprlib.dll
------------------------------------------------------------------------------
svchost.exe pid: 1688
Command line: C:\WINDOWS\system32\svchost.exe -k NetworkService

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76ed0000 0x27000 5.01.2600.2938 c:\windows\system32\DNSAPI.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x00900000 0x1a000 C:\Program Files\rnamfler\radprlib.dll
------------------------------------------------------------------------------
svchost.exe pid: 1732
Command line: C:\WINDOWS\system32\svchost.exe -k LocalService

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x00730000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16512 C:\WINDOWS\system32\iertutil.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x006f0000 0x1a000 C:\Program Files\rnamfler\radprlib.dll
------------------------------------------------------------------------------
aswUpdSv.exe pid: 1936
Command line: "C:\Program Files\Avast4\aswUpdSv.exe"

Base Size Version Path
0x00400000 0x6000 4.07.1029.0000 C:\Program Files\Avast4\aswUpdSv.exe
0x64100000 0x2c000 4.07.1029.0000 C:\Program Files\Avast4\aswCmnS.dll
0x64000000 0x12000 4.07.1029.0000 C:\Program Files\Avast4\aswCmnOS.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x64080000 0x1e000 4.07.1029.0000 C:\Program Files\Avast4\aswCmnB.dll
0x00ba0000 0x1a000 C:\Program Files\rnamfler\radprlib.dll
------------------------------------------------------------------------------
ashServ.exe pid: 1996
Command line: "C:\Program Files\Avast4\ashServ.exe"

Base Size Version Path
0x00400000 0x20000 4.07.1029.0000 C:\Program Files\Avast4\ashServ.exe
0x64580000 0xa2000 4.07.1029.0000 C:\Program Files\Avast4\aswAux.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x64080000 0x1e000 4.07.1029.0000 C:\Program Files\Avast4\aswCmnB.dll
0x64000000 0x12000 4.07.1029.0000 C:\Program Files\Avast4\aswCmnOS.dll
0x64280000 0x121000 4.07.1029.0000 C:\Program Files\Avast4\aswEngin.dll
0x64200000 0x14000 4.07.1029.0000 C:\Program Files\Avast4\aswScan.dll
CopernicAgent.ex

systemscan, continued...

CopernicAgent.exe pid: 3608
Command line: "C:\Program Files\Copernic Agent\CopernicAgent.exe"

Base Size Version Path
0x00400000 0x429000 6.01.0002.0000 C:\Program Files\Copernic Agent\CopernicAgent.exe
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x43e00000 0x45000 7.00.6000.16512 C:\WINDOWS\system32\iertutil.dll
0x00da0000 0x1a000 C:\Program Files\rnamfler\radprlib.dll
0x00ec0000 0x22000 C:\Program Files\rnamfler\radhslib.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x10000000 0x10000 1.00.0000.0008 C:\WINDOWS\system32\ctagent.dll
0x011e0000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\olepro32.dll
0x71ef0000 0x4000 5.01.2600.2180 C:\WINDOWS\system32\security.dll
0x74bf0000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\oleacc.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x44360000 0x5cb000 7.00.6000.16512 C:\WINDOWS\system32\ieframe.dll
0x02c30000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\mswsock.dll
0x76ed0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
sys81641[1].exe pid: 2928
Command line: "C:\Documents and Settings\PATRICK\Local Settings\Temporary Internet Files\Content.IE5\8GMO21WT\sys81641[1].exe"

Base Size Version Path
0x00400000 0x39000 C:\Documents and Settings\PATRICK\Local Settings\Temporary Internet Files\Content.IE5\8GMO21WT\sys81641[1].exe
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x008d0000 0x1a000 C:\Program Files\rnamfler\radprlib.dll
0x008f0000 0x22000 C:\Program Files\rnamfler\radhslib.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x10000000 0x10000 1.00.0000.0008 C:\WINDOWS\system32\ctagent.dll
------------------------------------------------------------------------------
runme.exe pid: 652
Command line: runme.exe

Base Size Version Path
0x00400000 0x58000 3.02.0000.0000 C:\DOCUME~1\PATRICK\LOCALS~1\Temp\nsv32.tmp\runme.exe
0x66000000 0x152000 6.00.0097.0082 C:\WINDOWS\system32\MSVBVM60.DLL
0x00d20000 0x1a000 C:\Program Files\rnamfler\radprlib.dll
0x00e40000 0x22000 C:\Program Files\rnamfler\radhslib.dll
0x66630000 0x20000 6.00.0089.0088 C:\WINDOWS\system32\VB6FR.DLL
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x10000000 0x10000 1.00.0000.0008 C:\WINDOWS\system32\ctagent.dll
0x734f0000 0x25000 5.06.0000.8820 C:\WINDOWS\system32\scrrun.dll
------------------------------------------------------------------------------
cmd.exe pid: 2700
Command line: cmd /c sqithpttpx.exe >> C:\suspectfile\tempd.txt

Base Size Version Path
0x4ad00000 0x64000 5.01.2600.2180 C:\WINDOWS\system32\cmd.exe
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x00990000 0x1a000 C:\Program Files\rnamfler\radprlib.dll
0x00ab0000 0x22000 C:\Program Files\rnamfler\radhslib.dll
------------------------------------------------------------------------------
sqithpttpx.exe pid: 2684
Command line: sqithpttpx.exe

Base Size Version Path
0x00400000 0x14000 2.25.0000.0000 C:\DOCUME~1\PATRICK\LOCALS~1\Temp\nsv32.tmp\sqithpttpx.exe
0x00370000 0x1a000 C:\Program Files\rnamfler\radprlib.dll
0x003b0000 0x22000 C:\Program Files\rnamfler\radhslib.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

===================== Hidden Objects =====================


SCAN ABORTED: an unknown error has occurred. Please check Rootkit presence with another tool

===================== Checking Rustock rootkit =====================



===================== Checking Suspicious files =====================
EXE and DLL files packed with runtime packers, found in: C:\; C:\WINDOWS\; C:\WINDOWS\system32\

C:\WINDOWS\system32\auth.dll --> is compressed with UPX
C:\WINDOWS\system32\msvc32.dll --> is compressed with Upack
C:\WINDOWS\system32\nLame.dll --> is compressed with UPX
C:\WINDOWS\system32\ogg.dll --> is compressed with UPX
C:\WINDOWS\system32\ThriXXX010104Z.dll --> is compressed with UPX
C:\WINDOWS\system32\ThriXXX010205PNG.dll --> is compressed with UPX
C:\WINDOWS\system32\ThriXXX015003JP2.dll --> is compressed with UPX
C:\WINDOWS\system32\vorbis.dll --> is compressed with UPX

==========================================
Scan completed in 2,2 minutes
End of report

Anonymous user
Edited on 2 Sept. 2007 at 19:00
¤ Do this cleanup: to be done regularly

*Download and install CCleaner (do not install the Yahoo toolbar)
---> https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/

- In the left-hand column, click "erreurs" (errors), tick all the boxes, then click "chercher des erreurs" (search for errors) at the bottom; once it has finished, click "réparer les erreurs" (repair errors). You will get a message offering to back up your registry: click "oui" (yes), then repeat until it no longer finds any errors.
You can delete the backups you made if your computer no longer has any problems.

- Launch CCleaner again, go to the "nettoyeur" (cleaner) tab on the left, untick the last box ("Avancé" (Advanced), if it is ticked), then click "lancer le nettoyage" (run the cleanup)

If you need help with CCleaner, see this tutorial:
http://redir.fr/gmll



¤ Download OTMoveIt to your desktop
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Double-click OTMoveIt.exe
Select and copy the lines below

C:\WINDOWS\BDOSCAN8
C:\rapport.txt
C:\suspectfile
C:\WINDOWS\system32\winservcs32.dll
C:\DOCUME~1\PATRICK\LOCALS~1\Temp\nsv32.tmp
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KHMAPLO2\
C:\WINDOWS\system32\msvc32.dll
C:\WINDOWS\system32\ThriXXX010104Z.dll
C:\WINDOWS\system32\ThriXXX010205PNG.dll
C:\WINDOWS\system32\ThriXXX015003JP2.dll

Go back to OTMoveIt, right-click in the "Paste List of Files/Folders to be moved" window and choose "coller" (paste).
Click the red Moveit button and close OTMoveIt.
If a file or folder cannot be moved immediately, you will be asked to restart your machine to finish the run; if so, click "Yes".
Copy and paste the report it generates here, please. The OTMoveIt report is in this folder: C:\_OTMoveIt\MovedFiles



¤ Download SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the desktop.
Restart your computer in safe mode (restart and tap F8 repeatedly as soon as the computer powers on).
Open the SDFix folder that was just created on the desktop and double-click RunThis.bat to launch the script.
Press Y to start the cleaning process.
It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
Once the desktop has loaded, the tool will finish its work and display Finished.
Press a key to end the script and load your desktop icons.
Once the desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.

Finally, copy/paste the contents of Report.txt into your next reply on the forum.



¤ Disable the Windows (SP2) firewall, it is useless, then install Kerio for more security

Download and tutorial on this page:
--> http://redir.fr/gbom

More info:
-> https://kerio.probb.fr/


That should go better after this ;-)

It is by forging that one becomes a blacksmith!
*| personal site for "forging" in my profile |*

OK, thanks boulepat62, I followed your procedure, here are the reports:

C:\WINDOWS\BDOSCAN8\plugins moved successfully.
C:\WINDOWS\BDOSCAN8 moved successfully.
C:\rapport.txt moved successfully.
Folder move failed. C:\suspectfile\zia03936 scheduled to be moved on reboot.
Folder move failed. C:\suspectfile\02_09_2007_01 scheduled to be moved on reboot.
C:\suspectfile moved successfully.
File/Folder C:\WINDOWS\system32\winservcs32.dll not found.
File/Folder C:\DOCUME~1\PATRICK\LOCALS~1\Temp\nsv32.tmp not found.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KHMAPLO2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\msvc32.dll
C:\WINDOWS\system32\msvc32.dll NOT unregistered.
C:\WINDOWS\system32\msvc32.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ThriXXX010104Z.dll
C:\WINDOWS\system32\ThriXXX010104Z.dll NOT unregistered.
C:\WINDOWS\system32\ThriXXX010104Z.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ThriXXX010205PNG.dll
C:\WINDOWS\system32\ThriXXX010205PNG.dll NOT unregistered.
C:\WINDOWS\system32\ThriXXX010205PNG.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ThriXXX015003JP2.dll
C:\WINDOWS\system32\ThriXXX015003JP2.dll NOT unregistered.
C:\WINDOWS\system32\ThriXXX015003JP2.dll moved successfully.
Created on 09/02/2007 16:03:22


SDFix: Version 1.101
Run by PATRICK on 02/09/2007 at 16:12
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\PATRICK\Bureau\Sdfix\SDFix
Safe Mode:
Checking Services:
Name:
sb67120032
ImagePath:
%SystemRoot%\System32\svchost.exe -k netsvcs
sb67120032 - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\EMCO Malware Destroyer\\MalwareDestroyer.exe"="C:\\Program Files\\EMCO Malware Destroyer\\MalwareDestroyer.exe:*:Enabled:Malware Scanner for Home User's"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
Files with Hidden Attributes:
C:\Documents and Settings\All Users\Documents\Mes images\Guinaliere 2007 blog\ads.canalblog.com\Thumbs.db
C:\Documents and Settings\All Users\Documents\Mes images\Guinaliere 2007 blog\logc19.xiti.com\Thumbs.db
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\msvc32.dll
C:\Documents and Settings\ISABELLE & ALICE\Local Settings\Temp\~WRL0005.tmp
C:\Documents and Settings\JEUX\Local Settings\Temp\IEC80.tmp
C:\Program Files\wunauclt.zip

Finished