
[Virus] It prevents me from opening web pages

franckyll, Tuesday 4 April 2006 at 10:19:28

Hi everyone, so here's the thing: my PC is infected with viruses (after the XP firewall was disabled) and I made a log with HijackThis to try to find them, but I don't really understand this log. Can you help me?
Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 10:12:11, on 04/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\update\wuauclt.exe
C:\WINDOWS\system32\winscntrl.exe
C:\WINDOWS\system32\wumd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\franck\Bureau\hijackthis\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\system32\pmnlm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [lich] lich.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Service] C:\WINDOWS\update\wuauclt.exe
O4 - HKLM\..\Run: [chat] winhost32.exe
O4 - HKLM\..\RunServices: [lfqmoj_[Pbnzkt] C:\WINDOWS\System32\kruychkma.exe
O4 - HKCU\..\Run: [chat] winhost32.exe
O4 - HKCU\..\Run: [Cars] "C:\Program Files\ptas\lras.exe" -vt yazb
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: SoftSearch - {5D602A21-B929-11d7-A5D3-005022E14DE2} - http://softsearch.ru (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37F51055-C1FE-48AC-A4BB-3AA71C6ACD34}: NameServer = 86.64.145.142 84.103.237.142
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\SYSTEM32\pmnlm.dll
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\dnnu0159e.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing)
O23 - Service: Windows Update Service (UpdateSvc) - Unknown owner - C:\WINDOWS\update\wuauclt.exe
O23 - Service: wins(WINS) (wins) - Unknown owner - C:\WINDOWS\system32\winscntrl.exe (file missing)
O23 - Service: Windows User Mode Drivers (WUMD) - Unknown owner - C:\WINDOWS\system32\wumd.exe (file missing)

1

aranjuez31, Tuesday 4 April 2006 at 10:20:51

Hello
Please proceed in order.
Download ALL of these programs (if you don't have them) and install them.
Update programs 1/, 2/, 3/
Scan with ALL of them, PASTE the reports from 3/ & 6/

1/ - Ad-Aware (free):
http://www.pcentraide.com/index.php?showtopic=188

2/ - Spybot (free):
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html

3/ - Ewido (download) - free even after the 14-day trial
http://perso.wanadoo.fr/entraide-hijackthis/Ewido/
Copy/PASTE the generated report on this forum


4/ - regcleaner (registry cleaner)
http://www.01net.com/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/4894.html
Its tutorial
http://www.softastuces.com/tuto/maint/regcleaner/index.php

5/ - cleanup40 (cleaner for cookies + temp files + prefetch + history + etc.)
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe
Demo
http://pageperso.aol.fr/balltrap34/democleanup.htm

6/ - Online scan with BitDefender – works only under Internet Explorer, accepting the ActiveX control (if it does not succeed, try Kaspersky and Panda)
http://assiste.free.fr/p/antivirus_gratuits_en_ligne/antivirus_en_ligne.php
Copy/PASTE the whole report

7/ - HijackThis – diagnostic and repair tool
post a report again

To work – Good luck
"You've never made a stallion out of a donkey, but........sometimes you manage to get it moving"

2

franckyll, Tuesday 4 April 2006 at 16:26:15

So here is the HIJACKTHIS log:

----------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 16:18:24, on 04/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\update\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\franck\Bureau\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\system32\pmnlm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [lich] lich.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Service] C:\WINDOWS\update\wuauclt.exe
O4 - HKLM\..\Run: [chat] winhost32.exe
O4 - HKLM\..\RunServices: [lfqmoj_[Pbnzkt] C:\WINDOWS\System32\kruychkma.exe
O4 - HKCU\..\Run: [chat] winhost32.exe
O4 - HKCU\..\Run: [Cars] "C:\Program Files\ptas\lras.exe" -vt yazb
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: SoftSearch - {5D602A21-B929-11d7-A5D3-005022E14DE2} - http://softsearch.ru (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{37F51055-C1FE-48AC-A4BB-3AA71C6ACD34}: NameServer = 80.118.196.40 80.118.192.110
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\SYSTEM32\pmnlm.dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\en82l1lo1.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing)
O23 - Service: Windows Update Service (UpdateSvc) - Unknown owner - C:\WINDOWS\update\wuauclt.exe
O23 - Service: wins(WINS) (wins) - Unknown owner - C:\WINDOWS\system32\winscntrl.exe (file missing)
O23 - Service: Windows User Mode Drivers (WUMD) - Unknown owner - C:\WINDOWS\system32\wumd.exe (file missing)
----------------------------------------------------------------------------
EWIDO:

---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------

+ Créé le: 16:17:37, 04/04/2006
+ Somme de contrôle: B8F2EA3

+ Résultats du scan:

[1536] C:\WINDOWS\system32\mcdxmlc.dll -> Adware.Look2Me : Erreur durant le nettoyage
[1792] C:\WINDOWS\system32\mcdxmlc.dll -> Adware.Look2Me : Erreur durant le nettoyage
C:\WINDOWS\system32\pmnlm.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
C:\Documents and Settings\franck\Cookies\franck@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\franck\Cookies\franck@com[1].txt -> TrackingCookie.Com : Nettoyer et sauvegarder
C:\Documents and Settings\franck\Cookies\franck@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyer et sauvegarder


::Fin du rapport
----------------------------------------------------------------------------
And as for the BITDEFENDER scan, it came out as a table, so I put it on my FTP: http://dj.franckyll.free.fr/ccm/scan%20bitdefender.jpg


There you go

3

aranjuez31, Tuesday 4 April 2006 at 17:06:41

Hello
well, there's work to do
==============
you start by getting rid of that crap "msn+",
via Add/Remove Programs

you'll put it back later, once we've repaired its damage, paying attention to this
http://theroot.chez-alice.fr/imgs/tuto/msgplus.jpg
==============
I'm continuing to read
I'll give you the solutions a bit later
=============
do this while I prepare for battle

Download this (thanks to S!RI for this little program):
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Run it, then double-click Smitfraudfix.cmd
Choose option 1; it will generate a report
Copy-PASTE it on the forum.
In pictures:
http://siri.urz.free.fr/Fix/SmitfraudFix.php
====

4

franckyll, Tuesday 4 April 2006 at 17:13:05

SmitFraudFix v2.28

Rapport fait à 17:13:32,21, 04/04/2006
Executé à partir de C:\Documents and Settings\franck\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\franck\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\franck\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"

[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

[HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


5

aranjuez31, Tuesday 4 April 2006 at 17:16:38

Another quick cleanup

open HijackThis
fix the following lines, which are not needed at startup

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/...
+
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
+
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
================
I haven't started the disinfection yet
this was just to see things more clearly

6

aranjuez31, Tuesday 4 April 2006 at 17:23:04

I'm moving your log here, trimmed of the requested corrections, for easier reading

Logfile of HijackThis v1.99.1
Scan saved at 16:18:24, on 04/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\update\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\franck\Bureau\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)

O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\system32\pmnlm.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [lich] lich.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Service] C:\WINDOWS\update\wuauclt.exe
O4 - HKLM\..\Run: [chat] winhost32.exe
O4 - HKLM\..\RunServices: [lfqmoj_[Pbnzkt] C:\WINDOWS\System32\kruychkma.exe
O4 - HKCU\..\Run: [chat] winhost32.exe
O4 - HKCU\..\Run: [Cars] "C:\Program Files\ptas\lras.exe" -vt yazb
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: SoftSearch - {5D602A21-B929-11d7-A5D3-005022E14DE2} - http://softsearch.ru (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

O17 - HKLM\System\CCS\Services\Tcpip\..\{37F51055-C1FE-48AC-A4BB-3AA71C6ACD34}: NameServer = 80.118.196.40 80.118.192.110

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\SYSTEM32\pmnlm.dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\en82l1lo1.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing)
O23 - Service: Windows Update Service (UpdateSvc) - Unknown owner - C:\WINDOWS\update\wuauclt.exe
O23 - Service: wins(WINS) (wins) - Unknown owner - C:\WINDOWS\system32\winscntrl.exe (file missing)
O23 - Service: Windows User Mode Drivers (WUMD) - Unknown owner - C:\WINDOWS\system32\wumd.exe (file missing)

7

aranjuez31, Tuesday 4 April 2006 at 18:14:42

Proceed as follows
print it if needed
==============
1/ - Disconnect from the Internet and close all running programs.
++++++
2/ - Restart in safe mode

Restart the PC, let the BIOS screen pass, then tap the F8 key repeatedly before the Windows loading screen appears.
Choose safe mode from the options and confirm with Enter.
(If F8 doesn't work, try F5)
++++++++++
3/ - Make hidden and system files visible

Control Panel > Folder Options > View tab
Check the box next to "Show hidden files and folders"
Uncheck the box next to "Hide extensions for known file types"
Uncheck the box next to "Hide protected operating system files"
click [Apply] then [OK] to confirm

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

4/ - Launch HijackThis and click [Do a system scan only]
check the box at the start of the following lines:

O4 - HKLM\..\Run: [lich] lich.exe
O4 - HKLM\..\Run: [chat] winhost32.exe
O4 - HKLM\..\Run: [chat] winhost32.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Service] C:\WINDOWS\update\wuauclt.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

confirm by clicking the [fix checked] button

+++++++++++++++++++++++
5/ - Find and delete these folders:

go to:
C:\WINDOWS\system32\mcdxmlc.dll
find and delete
- mcdxmlc.dll

go to:
C:\WINDOWS\update\wuauclt.exe
find and delete
-wuauclt.exe

++++++++++++++++++++
6 bis/ -
Start + "Search" for the following files:

-winhost32.exe
-lich.exe

delete them

++++++++++++++++
6 ter/ -
Windows key + R
type services.msc + OK
look for these programs

-O&O Defrag - O&O Software GmbH
-wins(WINS) (wins)
-Windows Update Manager (UpdateManager)
-Windows User Mode Drivers (WUMD)

and disable them
++++++++++++++++++
7/ - Next, very important:

run Ewido
remove everything it finds

:: Delete the temporary files by
running cleanup40.

empty the Recycle Bin

++++++++++++++++++++
8/ -
+++++++++++++++++++++++
9/ - hide the hidden folders again by reversing the steps of paragraph 3/
+++++++++++++++++++
10/ - Restart normally and paste a new HijackThis log on the forum
================
I don't see your firewall
which one is it ???

it's not over

8

aranjuez31, Tuesday 4 April 2006 at 18:20:15

Re
I have doubts about the O20 entries
so do this

Install L2mfix from here (cleans the O20 line in HijackThis)
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
http://users.skynet.be/BernieClub/tools.html

1. extract the file to the desktop

2. disable the antivirus (because the process is falsely detected as a virus/malware by some antivirus programs)

3. run l2mfix.bat, select option #1 and press Enter to bring up the log (this takes a few minutes)

4. Copy the log and paste it on the forum

=====
wait until I have read it before continuing
because it may be unnecessary
===============

5. Close all your Windows windows

6. Run l2mfix.bat again and select option #2

7. the computer will restart automatically; if not, restart it manually

8. Copy the log and paste it on the forum again

9. Post a new HijackThis report
=========

phew, I've earned my aperitif!!
"You can't turn a donkey into a stallion, but........sometimes you can get it to move forward"

Reply to aranjuez31

9

franckyll, Tuesday 4 April 2006 at 19:33:07

There, I did everything you told me, apart from a few exceptions that I need to tell you about:
-I did not find this in HijackThis: O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
-I could not delete C:\WINDOWS\system32\mcdxmlc.dll because Windows tells me it is in use
-I did not find the files Winhost32.exe and lich.exe on my PC
-The 4 programs: -O&O Defrag - O&O Software GmbH, wins(WINS) (wins), Windows Update Manager (UpdateManager), Windows User Mode Drivers (WUMD) were already disabled, but I changed the service startup type (auto, manual and disabled); I chose Disabled.

Here is the l2mfix log:

L2MFIX find log 032106
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en82l1lo1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlm]
"Asynchronous"=dword:00000001
"DllName"="pmnlm.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\mcdxmlc.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{80699D1C-9FD0-DCE9-8977-C667589C04EA}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Extension de la page de propri‚t‚s de mise … jour automatique"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{FED7043D-346A-414D-ACD7-550D052499A7}"="dBpowerAMP Music Converter 1"
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}"="dBpowerAMP Music Converter"
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}"="Mes photos Logitech"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"MP3-Info extension"="{448f4a40-2602-11d1-b4c0-080000051171}"
"{BA9E2365-8724-47B7-AEC3-137D7C212AB9}"=""
"{F81A20FF-832E-4F59-B23B-C2174207CC6E}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F81A20FF-832E-4F59-B23B-C2174207CC6E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F81A20FF-832E-4F59-B23B-C2174207CC6E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F81A20FF-832E-4F59-B23B-C2174207CC6E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F81A20FF-832E-4F59-B23B-C2174207CC6E}\InprocServer32]
@="C:\\WINDOWS\\system32\\apferror.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
apferror.dll Tue 4 Apr 2006 19:24:48 ..S.R 235 642 230,12 K
ati2cqag.dll Wed 22 Feb 2006 5:04:50 A.... 258 048 252,00 K
ati2dvag.dll Wed 22 Feb 2006 5:46:48 A.... 256 512 250,50 K
ati2edxx.dll Wed 22 Feb 2006 5:40:42 A.... 40 960 40,00 K
ati2evxx.dll Wed 22 Feb 2006 5:40:30 A.... 61 440 60,00 K
ati3duag.dll Wed 22 Feb 2006 5:30:46 A.... 2 636 672 2,51 M
atiddc.dll Wed 22 Feb 2006 5:38:50 A.... 53 248 52,00 K
atidemgr.dll Wed 22 Feb 2006 4:21:36 A.... 282 624 276,00 K
atiiiexx.dll Wed 22 Feb 2006 5:20:06 A.... 307 200 300,00 K
atikvmag.dll Wed 22 Feb 2006 5:11:02 A.... 151 552 148,00 K
atioglx1.dll Wed 22 Feb 2006 5:27:14 A.... 6 684 672 6,38 M
atioglxx.dll Wed 22 Feb 2006 5:11:14 A.... 5 124 096 4,89 M
atipdlxx.dll Wed 22 Feb 2006 5:41:10 A.... 114 688 112,00 K
atitvo32.dll Wed 22 Feb 2006 5:10:22 A.... 17 408 17,00 K
ativvaxx.dll Wed 22 Feb 2006 5:24:30 A.... 860 480 840,31 K
fp6q03~1.dll Tue 4 Apr 2006 19:24:48 ..S.R 236 205 230,67 K
mcdxmlc.dll Tue 4 Apr 2006 11:51:58 ..... 235 642 230,12 K
oemdspif.dll Wed 22 Feb 2006 5:40:56 A.... 77 824 76,00 K
wbhelp2.dll Sat 14 Jan 2006 14:36:58 A.... 50 688 49,50 K

19 items found: 19 files (2 H/S), 0 directories.
Total of file sizes: 17 685 601 bytes 16,86 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est C0C2-2091

R‚pertoire de C:\WINDOWS\System32

04/04/2006 19:24 235ÿ642 apferror.dll
04/04/2006 19:24 236ÿ205 fp6q03j5e.dll
04/04/2006 15:03 <REP> dllcache
02/04/2006 18:46 <REP> Microsoft
08/02/2006 13:27 13ÿ560 KGyGaAvL.sys
3 fichier(s) 485ÿ407 octets
2 R‚p(s) 17ÿ223ÿ020ÿ544 octets libres

Reply to franckyll
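
One way to read the Winlogon\Notify part of the L2MFIX find log posted above, as an added example (not part of the thread and not L2MFix's own code): it decodes the `hex(2)` DllName values and cross-references each Notify DLL with the log's "Files Found" list. The function names and the "absolute path" and "same size" review hints are assumptions of this example, not rules stated in the thread; the sample is an excerpt of the posted log.

```python
import re
from ntpath import basename, isabs

# Excerpt of the L2MFIX find log posted above (registry export + file listing).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Logon"="AtiLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en82l1lo1.dll"
"Logon"="WinLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall]
"DllName"="C:\\WINDOWS\\system32\\mcdxmlc.dll"
"Logon"="WinLogon"

C:\WINDOWS\SYSTEM32\
apferror.dll Tue 4 Apr 2006 19:24:48 ..S.R 235 642 230,12 K
ati2evxx.dll Wed 22 Feb 2006 5:40:30 A.... 61 440 60,00 K
mcdxmlc.dll Tue 4 Apr 2006 11:51:58 ..... 235 642 230,12 K
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
FILE_RE = re.compile(
    r'^(?P<name>\S+\.dll)\s+\w{3}\s+\d{1,2}\s+\w{3}\s+\d{4}\s+[\d:]+\s+'
    r'(?P<attrs>[A-Z.]{5})\s+(?P<size>\d[\d ]*?)\s+[\d,]+\s[KM]$', re.I)
NOTIFY_PREFIX = '\\winlogon\\notify\\'


def decode_data(data):
    """Return the text of a REG_SZ or hex(2) (REG_EXPAND_SZ, UTF-16LE) value."""
    if data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace('\\\\', '\\')
    m = re.match(r'hex\(2\):(.*)$', data)
    if m:
        raw = bytes(int(b, 16) for b in m.group(1).split(',') if b)
        return raw.decode('utf-16-le').rstrip('\x00')
    return data  # dword and other types are returned untouched


def parse_notify(log_text):
    """Map each Winlogon\\Notify subkey to its decoded DllName."""
    # Long hex values are wrapped with ",\" at end of line: join them first.
    text = re.sub(r',\\\r?\n\s*', ',', log_text)
    entries, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            pos = key.lower().find(NOTIFY_PREFIX)
            current = key[pos + len(NOTIFY_PREFIX):] if pos != -1 else None
            continue
        m = VALUE_RE.match(line)
        # The value name appears as both "DLLName" and "DllName" in the log.
        if current and m and m.group('name').lower() == 'dllname':
            entries[current] = decode_data(m.group('data'))
    return entries


def parse_files_found(log_text):
    """Parse the 'Files Found' listing: name -> attributes and size in bytes."""
    files = {}
    for line in log_text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            files[m.group('name').lower()] = {
                'attrs': m.group('attrs'),
                'size': int(m.group('size').replace(' ', ''))}
    return files


def same_size_groups(files):
    """Group listed files that share an identical byte size (worth hashing)."""
    by_size = {}
    for name, info in files.items():
        by_size.setdefault(info['size'], []).append(name)
    return {s: sorted(n) for s, n in by_size.items() if len(n) > 1}


def triage(log_text):
    """Review list, not a verdict: the log says the files found are not all bad."""
    files = parse_files_found(log_text)
    return [{'subkey': sub, 'dll': dll,
             'absolute_path': isabs(dll),
             'listed': basename(dll).lower() in files}
            for sub, dll in sorted(parse_notify(log_text).items())]


if __name__ == '__main__':
    for row in triage(SAMPLE_LOG):
        print(row)
    print(same_size_groups(parse_files_found(SAMPLE_LOG)))
```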

10

aranjuez31, Tuesday 4 April 2006 at 20:19:35

Yippee
there's a nasty one in there

so carry on with the rest

5. Close all your Windows windows

6. Run l2mfix.bat again and select option #2

7. the computer will restart automatically; if not, restart it manually

8. Copy the log and paste it on the forum again

9. Post a new HijackThis report
=========

phew, I've earned a 2nd aperitif
"You can't turn a donkey into a stallion, but........sometimes you can get it to move forward"

Reply to aranjuez31

11

franckyll, Tuesday 4 April 2006 at 21:34:19

L2mfix 032106
Creating Account.
La commande s'est termin‚e correctement.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 676 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'

12

franckyll, Tuesday 4 April 2006 at 21:38:49

Darn, I hadn't seen that the log was that long. I'm posting it again for you, but with all the useless Killing PID 780 'winlogon.exe' lines removed (there were loads of them!)
------------------------------------------------------------------------
L2mfix 032106
Creating Account.
La commande s'est terminée correctement.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 676 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 780 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1656 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en82l1lo1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlm]
"Asynchronous"=dword:00000001
"DllName"="pmnlm.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\mcdxmlc.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/fp6q03j5e.dll (164 bytes security) (deflated 5%)
adding: dlls/mcdxmlc.dll (164 bytes security) (deflated 5%)
adding: backregs/F81A20FF-832E-4F59-B23B-C2174207CC6E.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 88%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
----------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 21:35:27, on 04/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\franck\Bureau\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [lfqmoj_[Pbnzkt] C:\WINDOWS\System32\kruychkma.exe
O4 - HKCU\..\Run: [Cars] "C:\Program Files\ptas\lras.exe" -vt yazb
O4 - Global Startup: eEye JScript Patch Checker.lnk = C:\Program Files\eEye Digital Security\Jscript Patch\jscriptpatchchecker.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: SoftSearch - {5D602A21-B929-11d7-A5D3-005022E14DE2} - http://softsearch.ru (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{37F51055-C1FE-48AC-A4BB-3AA71C6ACD34}: NameServer = 80.118.192.112 80.118.196.42
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\en82l1lo1.dll (file missing)
O20 - Winlogon Notify: pmnlm - pmnlm.dll (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\mcdxmlc.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Windows Update Service (UpdateSvc) - Unknown owner - C:\WINDOWS\update\wuauclt.exe (file missing)


13

aranjuez31, le mercredi 5 avril 2006 à 01:44:40

Re
=====
le copié/collé suivant est la fin de l option 1

Répertoire de C:\WINDOWS\System32

04/04/2006 19:24 235 642 apferror.dll
04/04/2006 19:24 236 205 fp6q03j5e.dll
04/04/2006 15:03 <REP> dllcache
02/04/2006 18:46 <REP> Microsoft
08/02/2006 13:27 13 560 KGyGaAvL.sys
3 fichier(s) 485 407 octets
2 Rép(s) 17 223 020 544 octets libres

that is the part that "speaks" to me
=================
so what I need is the equivalent for option 2

ah no, no need, I can see from the hijack report that it worked
========
so open hijack and fix

O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\en82l1lo1.dll (file missing)

O20 - Winlogon Notify: pmnlm - pmnlm.dll (file missing)

O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\mcdxmlc.dll (file missing)
=========
sorry, but I can't see the screen any more
bedtime for me
I'll look at it in detail over breakfast
======
ah, a question that was left unanswered

I don't see your firewall
which one is it???
============= "You can never turn a donkey into a stallion, but... sometimes you manage to get it moving"


14

franckyll, Wednesday 5 April 2006 at 10:13:01

Well, I don't know whether it counts as a firewall, but I was using the resident protection of AVAST! and the Windows XP firewall


15

aranjuez31, Wednesday 5 April 2006 at 11:30:06

Hello

that's what I thought
not enough
the Windows one is just a toy
so, to work
you are going to install a real one
then you will disable the Windows firewall

download Kerio, it's free
http://www.clubic.com/telecharger-fiche11071-kerio-personal-firewall.html
read its tutorial
http://kerio.probb.fr/
"You can never turn a donkey into a stallion, but... sometimes you manage to get it moving"


16

aranjuez31, Wednesday 5 April 2006 at 11:42:15

Re
open your hijack
fix the following lines:

O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
+
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
+
there are 2 more lines I need to check because I don't know them

do you have a program named "cars" or "ptas" that you downloaded?

"You can never turn a donkey into a stallion, but... sometimes you manage to get it moving"


17

franckyll, Wednesday 5 April 2006 at 12:35:26

No, I don't remember downloading either of those 2 programs...


18

franckyll, Wednesday 5 April 2006 at 12:52:22

No, I don't remember downloading either of those 2 programs...


19

aranjuez31, Wednesday 5 April 2006 at 13:07:53

Re

right, on to the items for which I can find no legitimacy
this concerns these 2 lines:

O4 - HKLM\..\RunServices: [lfqmoj_[Pbnzkt] C:\WINDOWS\System32\kruychkma.exe

O4 - HKCU\..\Run: [Cars] "C:\Program Files\ptas\lras.exe" -vt yazb
======
1/ disconnect from the internet

2/ boot into safe mode

3/ make hidden folders visible this way

Click Start/Control Panel/Folder Options/View:
Tick "Show hidden folders"
Untick the box "Hide protected operating system files (recommended)"
Untick "Hide extensions for known file types"
Then click "OK" to confirm the changes.
And Apply

4/ go to Add/Remove Programs
look for a program "Cars" or "ptas"
uninstall it if you find it

5/ open hijack
fix the 2 threads:

O4 - HKLM\..\RunServices: [lfqmoj_[Pbnzkt] C:\WINDOWS\System32\kruychkma.exe

O4 - HKCU\..\Run: [Cars] "C:\Program Files\ptas\lras.exe" -vt yazb


6/ Start + My Computer + HDD (C:)

go to
C:\Program Files\ptas\lras.exe" -vt yazb
find and delete
- lras.exe

go to
C:\WINDOWS\System32\kruychkma.exe
find and delete
- kruychkma.exe

if you can't find them:
Start + "Search" for each in turn
- lras.exe
- kruychkma.exe
which you must delete

7/ important
- run cleanup40
- scan with Ewido, delete everything it finds
- empty the recycle bin

8/ don't forget to go back through step 3/ in reverse to hide the hidden folders again

9/ reboot in normal mode

10/ post a new hijack log


"You can never turn a donkey into a stallion, but... sometimes you manage to get it moving"

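An added example, not part of any post in this thread: a small Python triage pass over HijackThis lines copied from the log above. It separates "(file missing)" entries with a clean path (the three O20 lines the helper asked to fix) from entries where the tag sits on a path field that carries a stray quote and arguments, which need a check on disk first. The function names and the "orphaned"/"verify" labels are this example's own.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Cars] "C:\Program Files\ptas\lras.exe" -vt yazb
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\en82l1lo1.dll (file missing)
O20 - Winlogon Notify: pmnlm - pmnlm.dll (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\mcdxmlc.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_KEY = re.compile(r"^(?P<key>\S+): \[(?P<name>.*)\] (?P<target>.+)$")
MISSING = " (file missing)"

def parse_line(line):
    """Split one log line into code, name, target and the file-missing flag."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header, process list or blank line
    code, body = m["code"], m["body"]
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    run = RUN_KEY.match(body) if code == "O4" else None
    if run:                       # O4: "<key>: [<value name>] <command line>"
        name, target = run["name"], run["target"]
    elif " - " in body:           # O20 Notify / O23: target is the last field
        name, _, target = body.rpartition(" - ")
    else:                         # e.g. "AppInit_DLLs: <path>"
        name, _, target = body.partition(": ")
    return {"code": code, "name": name, "target": target, "missing": missing}

def classify(entry):
    """present, orphaned (clean path, file gone) or verify (quote/args in path)."""
    if not entry["missing"]:
        return "present"
    return "verify" if '"' in entry["target"] else "orphaned"

def triage(log_text):
    entries = filter(None, map(parse_line, log_text.splitlines()))
    return [(e["code"], e["target"], classify(e)) for e in entries]

if __name__ == "__main__":
    for code, target, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:9} {code:4} {target}")
```
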