[Virus] Il m'empeche d'ouvrir des pages web
Résolu/Fermé
franckyll
-
4 avril 2006 à 10:19
aranjuez31 Messages postés 8047 Date d'inscription lundi 7 novembre 2005 Statut Contributeur Dernière intervention 9 juillet 2006 - 7 avril 2006 à 15:26
aranjuez31 Messages postés 8047 Date d'inscription lundi 7 novembre 2005 Statut Contributeur Dernière intervention 9 juillet 2006 - 7 avril 2006 à 15:26
A voir également:
- [Virus] Il m'empeche d'ouvrir des pages web
- Traduire une page web - Guide
- Ouvrir fichier .bin - Guide
- Supprimer des pages sur word - Guide
- Comment ouvrir un fichier epub ? - Guide
- Instagram web - Guide
27 réponses
aranjuez31
Messages postés
8047
Date d'inscription
lundi 7 novembre 2005
Statut
Contributeur
Dernière intervention
9 juillet 2006
354
4 avril 2006 à 10:20
4 avril 2006 à 10:20
Hello
Merci de procéder dans l’ordre,
Télécharge TOUS ces programmes (si tu n’as pas), installe-les.
Fais les mises à jour des progr 1/, 2/, 3/
Scan avec TOUS, COLLE les rapports de 3/ & 6/
1/ -Ad-Aware (gratuit) :
https://forums.cnetfrance.fr
2/ - Spybot (gratuit) :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html
3/ - Ewido (dowload)- gratuit même après 14 jours d’essai
http://perso.wanadoo.fr/entraide-hijackthis/Ewido/
Copie/COLLE le rapport généré sur ce forum
4/ - regcleaner ( nettoyeur de registre)
http://www.01net.com/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/4894.html
Son tuto
http://www.softastuces.com/tuto/maint/regcleaner/index.php
5/ - cleanup40 (nettoyeur de cookies+temps+tempos+prefetch+historique+etc..)
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe
Démo
http://pageperso.aol.fr/balltrap34/democleanup.htm
6/ - Scan online avec BitDefender – fonctionne uniquement sous Internet Explorer en acceptant l’activX (à défaut de réussite, essaie avec Kasper et Panda )
https://assiste.com/404_La_page_demandee_n_existe_pas.php
Copie/COLLE le rapport entier
7/ - Hijackthis – outil de diagnostic et réparation
remettre un rapport
Au boulot – Bon courage
Merci de procéder dans l’ordre,
Télécharge TOUS ces programmes (si tu n’as pas), installe-les.
Fais les mises à jour des progr 1/, 2/, 3/
Scan avec TOUS, COLLE les rapports de 3/ & 6/
1/ -Ad-Aware (gratuit) :
https://forums.cnetfrance.fr
2/ - Spybot (gratuit) :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html
3/ - Ewido (dowload)- gratuit même après 14 jours d’essai
http://perso.wanadoo.fr/entraide-hijackthis/Ewido/
Copie/COLLE le rapport généré sur ce forum
4/ - regcleaner ( nettoyeur de registre)
http://www.01net.com/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/4894.html
Son tuto
http://www.softastuces.com/tuto/maint/regcleaner/index.php
5/ - cleanup40 (nettoyeur de cookies+temps+tempos+prefetch+historique+etc..)
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe
Démo
http://pageperso.aol.fr/balltrap34/democleanup.htm
6/ - Scan online avec BitDefender – fonctionne uniquement sous Internet Explorer en acceptant l’activX (à défaut de réussite, essaie avec Kasper et Panda )
https://assiste.com/404_La_page_demandee_n_existe_pas.php
Copie/COLLE le rapport entier
7/ - Hijackthis – outil de diagnostic et réparation
remettre un rapport
Au boulot – Bon courage
alors voila le log de HIJACKTHIS:
----------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 16:18:24, on 04/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\update\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\franck\Bureau\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\system32\pmnlm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [lich] lich.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Service] C:\WINDOWS\update\wuauclt.exe
O4 - HKLM\..\Run: [chat] winhost32.exe
O4 - HKLM\..\RunServices: [lfqmoj_[Pbnzkt] C:\WINDOWS\System32\kruychkma.exe
O4 - HKCU\..\Run: [chat] winhost32.exe
O4 - HKCU\..\Run: [Cars] "C:\Program Files\ptas\lras.exe" -vt yazb
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: SoftSearch - {5D602A21-B929-11d7-A5D3-005022E14DE2} - http://softsearch.ru (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{37F51055-C1FE-48AC-A4BB-3AA71C6ACD34}: NameServer = 80.118.196.40 80.118.192.110
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\SYSTEM32\pmnlm.dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\en82l1lo1.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing)
O23 - Service: Windows Update Service (UpdateSvc) - Unknown owner - C:\WINDOWS\update\wuauclt.exe
O23 - Service: wins(WINS) (wins) - Unknown owner - C:\WINDOWS\system32\winscntrl.exe (file missing)
O23 - Service: Windows User Mode Drivers (WUMD) - Unknown owner - C:\WINDOWS\system32\wumd.exe (file missing)
----------------------------------------------------------------------------
EWIDO:
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 16:17:37, 04/04/2006
+ Somme de contrôle: B8F2EA3
+ Résultats du scan:
[1536] C:\WINDOWS\system32\mcdxmlc.dll -> Adware.Look2Me : Erreur durant le nettoyage
[1792] C:\WINDOWS\system32\mcdxmlc.dll -> Adware.Look2Me : Erreur durant le nettoyage
C:\WINDOWS\system32\pmnlm.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
C:\Documents and Settings\franck\Cookies\franck@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\franck\Cookies\franck@com[1].txt -> TrackingCookie.Com : Nettoyer et sauvegarder
C:\Documents and Settings\franck\Cookies\franck@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyer et sauvegarder
::Fin du rapport
----------------------------------------------------------------------------
Et pour le scan BITDEFENDER , il est sorti sous la forme d'un tableau donc je l'ai mis sur mon FTP : http://dj.franckyll.free.fr/ccm/scan%20bitdefender.jpg
voila
----------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 16:18:24, on 04/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\update\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\franck\Bureau\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\system32\pmnlm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [lich] lich.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Service] C:\WINDOWS\update\wuauclt.exe
O4 - HKLM\..\Run: [chat] winhost32.exe
O4 - HKLM\..\RunServices: [lfqmoj_[Pbnzkt] C:\WINDOWS\System32\kruychkma.exe
O4 - HKCU\..\Run: [chat] winhost32.exe
O4 - HKCU\..\Run: [Cars] "C:\Program Files\ptas\lras.exe" -vt yazb
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: SoftSearch - {5D602A21-B929-11d7-A5D3-005022E14DE2} - http://softsearch.ru (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{37F51055-C1FE-48AC-A4BB-3AA71C6ACD34}: NameServer = 80.118.196.40 80.118.192.110
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\SYSTEM32\pmnlm.dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\en82l1lo1.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing)
O23 - Service: Windows Update Service (UpdateSvc) - Unknown owner - C:\WINDOWS\update\wuauclt.exe
O23 - Service: wins(WINS) (wins) - Unknown owner - C:\WINDOWS\system32\winscntrl.exe (file missing)
O23 - Service: Windows User Mode Drivers (WUMD) - Unknown owner - C:\WINDOWS\system32\wumd.exe (file missing)
----------------------------------------------------------------------------
EWIDO:
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 16:17:37, 04/04/2006
+ Somme de contrôle: B8F2EA3
+ Résultats du scan:
[1536] C:\WINDOWS\system32\mcdxmlc.dll -> Adware.Look2Me : Erreur durant le nettoyage
[1792] C:\WINDOWS\system32\mcdxmlc.dll -> Adware.Look2Me : Erreur durant le nettoyage
C:\WINDOWS\system32\pmnlm.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
C:\Documents and Settings\franck\Cookies\franck@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\franck\Cookies\franck@com[1].txt -> TrackingCookie.Com : Nettoyer et sauvegarder
C:\Documents and Settings\franck\Cookies\franck@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyer et sauvegarder
::Fin du rapport
----------------------------------------------------------------------------
Et pour le scan BITDEFENDER , il est sorti sous la forme d'un tableau donc je l'ai mis sur mon FTP : http://dj.franckyll.free.fr/ccm/scan%20bitdefender.jpg
voila
aranjuez31
Messages postés
8047
Date d'inscription
lundi 7 novembre 2005
Statut
Contributeur
Dernière intervention
9 juillet 2006
354
4 avril 2006 à 17:06
4 avril 2006 à 17:06
hello
ben ya du boulot
==============
tu commences par virer cette merde de "msn+",
via ajout/suppression de programmes
tu remettras plus tard, qd on aura réparer ses dégats, en prenant garde à ceci
http://theroot.chez-alice.fr/imgs/tuto/msgplus.jpg
==============
je continue à lire
te donnerai les soluces un peu plus tard
=============
fais ceci pendant que je prépare le combat
Télécharger ceci (merci a S!RI pour ce petit programme) :
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
L' exécuter, puis double-clic sur Smitfraudfix.cmd
Choisir l’option 1, il va générer un rapport
Copier-COLLER ce dernier sur le forum.
En image :
http://siri.urz.free.fr/Fix/SmitfraudFix.php
====
ben ya du boulot
==============
tu commences par virer cette merde de "msn+",
via ajout/suppression de programmes
tu remettras plus tard, qd on aura réparer ses dégats, en prenant garde à ceci
http://theroot.chez-alice.fr/imgs/tuto/msgplus.jpg
==============
je continue à lire
te donnerai les soluces un peu plus tard
=============
fais ceci pendant que je prépare le combat
Télécharger ceci (merci a S!RI pour ce petit programme) :
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
L' exécuter, puis double-clic sur Smitfraudfix.cmd
Choisir l’option 1, il va générer un rapport
Copier-COLLER ce dernier sur le forum.
En image :
http://siri.urz.free.fr/Fix/SmitfraudFix.php
====
SmitFraudFix v2.28
Rapport fait à 17:13:32,21, 04/04/2006
Executé à partir de C:\Documents and Settings\franck\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\franck\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\franck\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Rapport fait à 17:13:32,21, 04/04/2006
Executé à partir de C:\Documents and Settings\franck\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\franck\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\franck\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
aranjuez31
Messages postés
8047
Date d'inscription
lundi 7 novembre 2005
Statut
Contributeur
Dernière intervention
9 juillet 2006
354
4 avril 2006 à 17:16
4 avril 2006 à 17:16
un autre nettoyage rapide
ouvre hijack
fixe lignes suivantes inutiles au run
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
+
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
+
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
================
je n ai pas encore commencé la désinfection
c était juste pour y voir plus clair
ouvre hijack
fixe lignes suivantes inutiles au run
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
+
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
+
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
================
je n ai pas encore commencé la désinfection
c était juste pour y voir plus clair
aranjuez31
Messages postés
8047
Date d'inscription
lundi 7 novembre 2005
Statut
Contributeur
Dernière intervention
9 juillet 2006
354
4 avril 2006 à 17:23
4 avril 2006 à 17:23
je déplace ton log, amputé des corrections ddées pour le confort de lecture
Logfile of HijackThis v1.99.1
Scan saved at 16:18:24, on 04/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\update\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\franck\Bureau\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\system32\pmnlm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [lich] lich.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Service] C:\WINDOWS\update\wuauclt.exe
O4 - HKLM\..\Run: [chat] winhost32.exe
O4 - HKLM\..\RunServices: [lfqmoj_[Pbnzkt] C:\WINDOWS\System32\kruychkma.exe
O4 - HKCU\..\Run: [chat] winhost32.exe
O4 - HKCU\..\Run: [Cars] "C:\Program Files\ptas\lras.exe" -vt yazb
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: SoftSearch - {5D602A21-B929-11d7-A5D3-005022E14DE2} - http://softsearch.ru (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{37F51055-C1FE-48AC-A4BB-3AA71C6ACD34}: NameServer = 80.118.196.40 80.118.192.110
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\SYSTEM32\pmnlm.dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\en82l1lo1.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing)
O23 - Service: Windows Update Service (UpdateSvc) - Unknown owner - C:\WINDOWS\update\wuauclt.exe
O23 - Service: wins(WINS) (wins) - Unknown owner - C:\WINDOWS\system32\winscntrl.exe (file missing)
O23 - Service: Windows User Mode Drivers (WUMD) - Unknown owner - C:\WINDOWS\system32\wumd.exe (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 16:18:24, on 04/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\update\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\franck\Bureau\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\system32\pmnlm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [lich] lich.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Service] C:\WINDOWS\update\wuauclt.exe
O4 - HKLM\..\Run: [chat] winhost32.exe
O4 - HKLM\..\RunServices: [lfqmoj_[Pbnzkt] C:\WINDOWS\System32\kruychkma.exe
O4 - HKCU\..\Run: [chat] winhost32.exe
O4 - HKCU\..\Run: [Cars] "C:\Program Files\ptas\lras.exe" -vt yazb
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: SoftSearch - {5D602A21-B929-11d7-A5D3-005022E14DE2} - http://softsearch.ru (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{37F51055-C1FE-48AC-A4BB-3AA71C6ACD34}: NameServer = 80.118.196.40 80.118.192.110
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\SYSTEM32\pmnlm.dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\en82l1lo1.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing)
O23 - Service: Windows Update Service (UpdateSvc) - Unknown owner - C:\WINDOWS\update\wuauclt.exe
O23 - Service: wins(WINS) (wins) - Unknown owner - C:\WINDOWS\system32\winscntrl.exe (file missing)
O23 - Service: Windows User Mode Drivers (WUMD) - Unknown owner - C:\WINDOWS\system32\wumd.exe (file missing)
aranjuez31
Messages postés
8047
Date d'inscription
lundi 7 novembre 2005
Statut
Contributeur
Dernière intervention
9 juillet 2006
354
4 avril 2006 à 18:14
4 avril 2006 à 18:14
procéde comme suit
imprime si besoin
==============
1/ - Déconnecte d'Internet et ferme tou les programmes en cours.
++++++
2/ - チ Redémarrer en mode sans échec
Redémarre le pc, laisse passer l'écran du bios, puis tapote sur la touche F8 avant qu'apparaisse l'écran de chargement de windows.
Choisis le mode sans échec dans les options et valide avec entrée.
(Si F8 ne marche pas, essai F5)
++++++++++
3/ - チ Rendre visible les fichiers cachés et système
panneau de configuration > options des dossiers > onglet affichage
Coche la case devant " afficher les fichiers et dossiers cachés "
Décoche la case devant " masquer les extensions des fichiers dont le type est connu"
Décoche la case devant " masquer les fichiers protégés du système"
clic sur [Appliquer] puis sur [ok] pour valider
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
4/ - チ Lancer HijackThis et cliquer sur [Do a system scan only]
cocher la case au début des lignes suivantes :
O4 - HKLM\..\Run: [lich] lich.exe
O4 - HKLM\..\Run: [chat] winhost32.exe
O4 - HKLM\..\Run: [chat] winhost32.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Service] C:\WINDOWS\update\wuauclt.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
valider en cliquant sur le bouton [fix checked]
+++++++++++++++++++++++
5/ -チ Recherche et supprime ces dossiers :
va dans :
C:\WINDOWS\system32\mcdxmlc.dll
recherche et supprime
- mcdxmlc.dll
va dans :
C:\WINDOWS\update\wuauclt.exe
recherche et suprime
-wuauclt.exe
++++++++++++++++++++
6 bis/ -
déma + "rechercher" fichiers suivants:
-winhost32.exe
-lich.exe
supprime-les
++++++++++++++++
6 ter/ -
touche windows+r
tape services.msc +OK
recherche ces programmes
-O&O Defrag - O&O Software GmbH
-wins(WINS) (wins)
-Windows Update Manager (UpdateManager)
-Windows User Mode Drivers (WUMD)
et désactive-les
++++++++++++++++++
7/ -Ensuite, très important :
fais fonctionner Ewido
vire tt ce qu il trouve
:: Supprime les fichiers temporaires en
exécutant cleanup40.
vide la corbeille
++++++++++++++++++++
8/ -
+++++++++++++++++++++++
9/ - remasque dossiers cachés en faisant chemin inverse du paragraphe 3/
+++++++++++++++++++
10/ - Redémarre normalement et recolle un Hijack sur forum
================
je ne vois pas ton pare-feu
quel est -il ???
ce n est pas fini
imprime si besoin
==============
1/ - Déconnecte d'Internet et ferme tou les programmes en cours.
++++++
2/ - チ Redémarrer en mode sans échec
Redémarre le pc, laisse passer l'écran du bios, puis tapote sur la touche F8 avant qu'apparaisse l'écran de chargement de windows.
Choisis le mode sans échec dans les options et valide avec entrée.
(Si F8 ne marche pas, essai F5)
++++++++++
3/ - チ Rendre visible les fichiers cachés et système
panneau de configuration > options des dossiers > onglet affichage
Coche la case devant " afficher les fichiers et dossiers cachés "
Décoche la case devant " masquer les extensions des fichiers dont le type est connu"
Décoche la case devant " masquer les fichiers protégés du système"
clic sur [Appliquer] puis sur [ok] pour valider
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
4/ - チ Lancer HijackThis et cliquer sur [Do a system scan only]
cocher la case au début des lignes suivantes :
O4 - HKLM\..\Run: [lich] lich.exe
O4 - HKLM\..\Run: [chat] winhost32.exe
O4 - HKLM\..\Run: [chat] winhost32.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Service] C:\WINDOWS\update\wuauclt.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
valider en cliquant sur le bouton [fix checked]
+++++++++++++++++++++++
5/ -チ Recherche et supprime ces dossiers :
va dans :
C:\WINDOWS\system32\mcdxmlc.dll
recherche et supprime
- mcdxmlc.dll
va dans :
C:\WINDOWS\update\wuauclt.exe
recherche et suprime
-wuauclt.exe
++++++++++++++++++++
6 bis/ -
déma + "rechercher" fichiers suivants:
-winhost32.exe
-lich.exe
supprime-les
++++++++++++++++
6 ter/ -
touche windows+r
tape services.msc +OK
recherche ces programmes
-O&O Defrag - O&O Software GmbH
-wins(WINS) (wins)
-Windows Update Manager (UpdateManager)
-Windows User Mode Drivers (WUMD)
et désactive-les
++++++++++++++++++
7/ -Ensuite, très important :
fais fonctionner Ewido
vire tt ce qu il trouve
:: Supprime les fichiers temporaires en
exécutant cleanup40.
vide la corbeille
++++++++++++++++++++
8/ -
+++++++++++++++++++++++
9/ - remasque dossiers cachés en faisant chemin inverse du paragraphe 3/
+++++++++++++++++++
10/ - Redémarre normalement et recolle un Hijack sur forum
================
je ne vois pas ton pare-feu
quel est -il ???
ce n est pas fini
aranjuez31
Messages postés
8047
Date d'inscription
lundi 7 novembre 2005
Statut
Contributeur
Dernière intervention
9 juillet 2006
354
4 avril 2006 à 18:20
4 avril 2006 à 18:20
re
ai des doutes sur les 020
donc fais ceci
Installer L2mfix là (nettoie ligne O20 de Hijackthis)
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
http://users.skynet.be/BernieClub/tools.html
1. extraire le fichier sur le bureau
2. désactiver l'antivirus (car process est détecté faussement comme virus malware par certains antivirus)
3. lancer l2mfix.bat et sélectionner l'option #1 et faire Enter pour faire apparaître le log (cela prend qqs minutes)
4. Copie le log et colle sur forum
=====
attendre que j ai lu avant de continuer
car peut-être inutile
===============
5. Fermes toutes tes fenêtres windows
6. Relances l2mfix.bat et sélectionne l'option #2
7. l'ordi va redémarrer automatiquement sinon le faire manuellement
8. Recopie le log et colle-le à nouveau sur forum
9. Remets un rapport hijack
=========
ouf , ai mérité l'apéro !!
ai des doutes sur les 020
donc fais ceci
Installer L2mfix là (nettoie ligne O20 de Hijackthis)
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
http://users.skynet.be/BernieClub/tools.html
1. extraire le fichier sur le bureau
2. désactiver l'antivirus (car process est détecté faussement comme virus malware par certains antivirus)
3. lancer l2mfix.bat et sélectionner l'option #1 et faire Enter pour faire apparaître le log (cela prend qqs minutes)
4. Copie le log et colle sur forum
=====
attendre que j ai lu avant de continuer
car peut-être inutile
===============
5. Fermes toutes tes fenêtres windows
6. Relances l2mfix.bat et sélectionne l'option #2
7. l'ordi va redémarrer automatiquement sinon le faire manuellement
8. Recopie le log et colle-le à nouveau sur forum
9. Remets un rapport hijack
=========
ouf , ai mérité l'apéro !!
voila j'ai fait tout ce que tu m'a dit a part quelques exceptions que je doit te communiquer:
-je n'ai pas trouvé dans hijackthis :O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
-je n'ai pas réussi a supprimer C:\WINDOWS\system32\mcdxmlc.dll car windows me dit qu'il est utilisé
-Je n'ai pas trouvé les fichiers: Winhost32.exe et lich.exe sur mon pc
-Les 4 programmes :-O&O Defrag - O&O Software GmbH,wins(WINS) (wins),Windows Update Manager (UpdateManager),Windows User Mode Drivers (WUMD) étaient déjà désactivé mais j'ai modifié le démarrage de service ( auto,manu et désactivé) j'ai choisi Désactivé.
Voici le log de l2mfix:
L2MFIX find log 032106
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en82l1lo1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlm]
"Asynchronous"=dword:00000001
"DllName"="pmnlm.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\mcdxmlc.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{80699D1C-9FD0-DCE9-8977-C667589C04EA}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Extension de la page de propri‚t‚s de mise … jour automatique"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{FED7043D-346A-414D-ACD7-550D052499A7}"="dBpowerAMP Music Converter 1"
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}"="dBpowerAMP Music Converter"
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}"="Mes photos Logitech"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"MP3-Info extension"="{448f4a40-2602-11d1-b4c0-080000051171}"
"{BA9E2365-8724-47B7-AEC3-137D7C212AB9}"=""
"{F81A20FF-832E-4F59-B23B-C2174207CC6E}"=""
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{F81A20FF-832E-4F59-B23B-C2174207CC6E}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F81A20FF-832E-4F59-B23B-C2174207CC6E}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F81A20FF-832E-4F59-B23B-C2174207CC6E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F81A20FF-832E-4F59-B23B-C2174207CC6E}\InprocServer32]
@="C:\\WINDOWS\\system32\\apferror.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
apferror.dll Tue 4 Apr 2006 19:24:48 ..S.R 235 642 230,12 K
ati2cqag.dll Wed 22 Feb 2006 5:04:50 A.... 258 048 252,00 K
ati2dvag.dll Wed 22 Feb 2006 5:46:48 A.... 256 512 250,50 K
ati2edxx.dll Wed 22 Feb 2006 5:40:42 A.... 40 960 40,00 K
ati2evxx.dll Wed 22 Feb 2006 5:40:30 A.... 61 440 60,00 K
ati3duag.dll Wed 22 Feb 2006 5:30:46 A.... 2 636 672 2,51 M
atiddc.dll Wed 22 Feb 2006 5:38:50 A.... 53 248 52,00 K
atidemgr.dll Wed 22 Feb 2006 4:21:36 A.... 282 624 276,00 K
atiiiexx.dll Wed 22 Feb 2006 5:20:06 A.... 307 200 300,00 K
atikvmag.dll Wed 22 Feb 2006 5:11:02 A.... 151 552 148,00 K
atioglx1.dll Wed 22 Feb 2006 5:27:14 A.... 6 684 672 6,38 M
atioglxx.dll Wed 22 Feb 2006 5:11:14 A.... 5 124 096 4,89 M
atipdlxx.dll Wed 22 Feb 2006 5:41:10 A.... 114 688 112,00 K
atitvo32.dll Wed 22 Feb 2006 5:10:22 A.... 17 408 17,00 K
ativvaxx.dll Wed 22 Feb 2006 5:24:30 A.... 860 480 840,31 K
fp6q03~1.dll Tue 4 Apr 2006 19:24:48 ..S.R 236 205 230,67 K
mcdxmlc.dll Tue 4 Apr 2006 11:51:58 ..... 235 642 230,12 K
oemdspif.dll Wed 22 Feb 2006 5:40:56 A.... 77 824 76,00 K
wbhelp2.dll Sat 14 Jan 2006 14:36:58 A.... 50 688 49,50 K
19 items found: 19 files (2 H/S), 0 directories.
Total of file sizes: 17 685 601 bytes 16,86 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est C0C2-2091
R‚pertoire de C:\WINDOWS\System32
04/04/2006 19:24 235ÿ642 apferror.dll
04/04/2006 19:24 236ÿ205 fp6q03j5e.dll
04/04/2006 15:03 <REP> dllcache
02/04/2006 18:46 <REP> Microsoft
08/02/2006 13:27 13ÿ560 KGyGaAvL.sys
3 fichier(s) 485ÿ407 octets
2 R‚p(s) 17ÿ223ÿ020ÿ544 octets libres
-je n'ai pas trouvé dans hijackthis :O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
-je n'ai pas réussi a supprimer C:\WINDOWS\system32\mcdxmlc.dll car windows me dit qu'il est utilisé
-Je n'ai pas trouvé les fichiers: Winhost32.exe et lich.exe sur mon pc
-Les 4 programmes :-O&O Defrag - O&O Software GmbH,wins(WINS) (wins),Windows Update Manager (UpdateManager),Windows User Mode Drivers (WUMD) étaient déjà désactivé mais j'ai modifié le démarrage de service ( auto,manu et désactivé) j'ai choisi Désactivé.
Voici le log de l2mfix:
L2MFIX find log 032106
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en82l1lo1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlm]
"Asynchronous"=dword:00000001
"DllName"="pmnlm.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\mcdxmlc.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{80699D1C-9FD0-DCE9-8977-C667589C04EA}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Extension de la page de propri‚t‚s de mise … jour automatique"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{FED7043D-346A-414D-ACD7-550D052499A7}"="dBpowerAMP Music Converter 1"
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}"="dBpowerAMP Music Converter"
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}"="Mes photos Logitech"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"MP3-Info extension"="{448f4a40-2602-11d1-b4c0-080000051171}"
"{BA9E2365-8724-47B7-AEC3-137D7C212AB9}"=""
"{F81A20FF-832E-4F59-B23B-C2174207CC6E}"=""
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{F81A20FF-832E-4F59-B23B-C2174207CC6E}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F81A20FF-832E-4F59-B23B-C2174207CC6E}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F81A20FF-832E-4F59-B23B-C2174207CC6E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F81A20FF-832E-4F59-B23B-C2174207CC6E}\InprocServer32]
@="C:\\WINDOWS\\system32\\apferror.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
apferror.dll Tue 4 Apr 2006 19:24:48 ..S.R 235 642 230,12 K
ati2cqag.dll Wed 22 Feb 2006 5:04:50 A.... 258 048 252,00 K
ati2dvag.dll Wed 22 Feb 2006 5:46:48 A.... 256 512 250,50 K
ati2edxx.dll Wed 22 Feb 2006 5:40:42 A.... 40 960 40,00 K
ati2evxx.dll Wed 22 Feb 2006 5:40:30 A.... 61 440 60,00 K
ati3duag.dll Wed 22 Feb 2006 5:30:46 A.... 2 636 672 2,51 M
atiddc.dll Wed 22 Feb 2006 5:38:50 A.... 53 248 52,00 K
atidemgr.dll Wed 22 Feb 2006 4:21:36 A.... 282 624 276,00 K
atiiiexx.dll Wed 22 Feb 2006 5:20:06 A.... 307 200 300,00 K
atikvmag.dll Wed 22 Feb 2006 5:11:02 A.... 151 552 148,00 K
atioglx1.dll Wed 22 Feb 2006 5:27:14 A.... 6 684 672 6,38 M
atioglxx.dll Wed 22 Feb 2006 5:11:14 A.... 5 124 096 4,89 M
atipdlxx.dll Wed 22 Feb 2006 5:41:10 A.... 114 688 112,00 K
atitvo32.dll Wed 22 Feb 2006 5:10:22 A.... 17 408 17,00 K
ativvaxx.dll Wed 22 Feb 2006 5:24:30 A.... 860 480 840,31 K
fp6q03~1.dll Tue 4 Apr 2006 19:24:48 ..S.R 236 205 230,67 K
mcdxmlc.dll Tue 4 Apr 2006 11:51:58 ..... 235 642 230,12 K
oemdspif.dll Wed 22 Feb 2006 5:40:56 A.... 77 824 76,00 K
wbhelp2.dll Sat 14 Jan 2006 14:36:58 A.... 50 688 49,50 K
19 items found: 19 files (2 H/S), 0 directories.
Total of file sizes: 17 685 601 bytes 16,86 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est C0C2-2091
R‚pertoire de C:\WINDOWS\System32
04/04/2006 19:24 235ÿ642 apferror.dll
04/04/2006 19:24 236ÿ205 fp6q03j5e.dll
04/04/2006 15:03 <REP> dllcache
02/04/2006 18:46 <REP> Microsoft
08/02/2006 13:27 13ÿ560 KGyGaAvL.sys
3 fichier(s) 485ÿ407 octets
2 R‚p(s) 17ÿ223ÿ020ÿ544 octets libres
aranjuez31
Messages postés
8047
Date d'inscription
lundi 7 novembre 2005
Statut
Contributeur
Dernière intervention
9 juillet 2006
354
4 avril 2006 à 20:19
4 avril 2006 à 20:19
youpi
ya une saloperie
donc fais la suite
5. Fermes toutes tes fenêtres windows
6. Relances l2mfix.bat et sélectionne l'option #2
7. l'ordi va redémarrer automatiquement sinon le faire manuellement
8. Recopie le log et colle-le à nouveau sur forum
9. Remets un rapport hijack
=========
ouf , ai mérité un 2ém apéro
ya une saloperie
donc fais la suite
5. Fermes toutes tes fenêtres windows
6. Relances l2mfix.bat et sélectionne l'option #2
7. l'ordi va redémarrer automatiquement sinon le faire manuellement
8. Recopie le log et colle-le à nouveau sur forum
9. Remets un rapport hijack
=========
ouf , ai mérité un 2ém apéro
L2mfix 032106
Creating Account.
La commande s'est termin‚e correctement.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 676 'smss.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'w
Creating Account.
La commande s'est termin‚e correctement.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 676 'smss.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'winlogon.exe'
Killing PID 780 'w
Mince j'avait pas vu que le log était aussi long, je te le remet mais en supprimant toutes les Killing PID 780 'winlogon.exe' inutiles (y'en avait plein !)
------------------------------------------------------------------------
L2mfix 032106
Creating Account.
La commande s'est termin‚e correctement.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 676 'smss.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 780 'winlogon.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1656 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en82l1lo1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlm]
"Asynchronous"=dword:00000001
"DllName"="pmnlm.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\mcdxmlc.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"
The following are the files found:
****************************************************************************
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/fp6q03j5e.dll (164 bytes security) (deflated 5%)
adding: dlls/mcdxmlc.dll (164 bytes security) (deflated 5%)
adding: backregs/F81A20FF-832E-4F59-B23B-C2174207CC6E.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 88%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
----------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 21:35:27, on 04/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\franck\Bureau\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [lfqmoj_[Pbnzkt] C:\WINDOWS\System32\kruychkma.exe
O4 - HKCU\..\Run: [Cars] "C:\Program Files\ptas\lras.exe" -vt yazb
O4 - Global Startup: eEye JScript Patch Checker.lnk = C:\Program Files\eEye Digital Security\Jscript Patch\jscriptpatchchecker.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: SoftSearch - {5D602A21-B929-11d7-A5D3-005022E14DE2} - http://softsearch.ru (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{37F51055-C1FE-48AC-A4BB-3AA71C6ACD34}: NameServer = 80.118.192.112 80.118.196.42
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\en82l1lo1.dll (file missing)
O20 - Winlogon Notify: pmnlm - pmnlm.dll (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\mcdxmlc.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Windows Update Service (UpdateSvc) - Unknown owner - C:\WINDOWS\update\wuauclt.exe (file missing)
------------------------------------------------------------------------
L2mfix 032106
Creating Account.
La commande s'est termin‚e correctement.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 676 'smss.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 780 'winlogon.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1656 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en82l1lo1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlm]
"Asynchronous"=dword:00000001
"DllName"="pmnlm.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\mcdxmlc.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"
The following are the files found:
****************************************************************************
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/fp6q03j5e.dll (164 bytes security) (deflated 5%)
adding: dlls/mcdxmlc.dll (164 bytes security) (deflated 5%)
adding: backregs/F81A20FF-832E-4F59-B23B-C2174207CC6E.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 88%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
----------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 21:35:27, on 04/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\franck\Bureau\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [lfqmoj_[Pbnzkt] C:\WINDOWS\System32\kruychkma.exe
O4 - HKCU\..\Run: [Cars] "C:\Program Files\ptas\lras.exe" -vt yazb
O4 - Global Startup: eEye JScript Patch Checker.lnk = C:\Program Files\eEye Digital Security\Jscript Patch\jscriptpatchchecker.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: SoftSearch - {5D602A21-B929-11d7-A5D3-005022E14DE2} - http://softsearch.ru (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{37F51055-C1FE-48AC-A4BB-3AA71C6ACD34}: NameServer = 80.118.192.112 80.118.196.42
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\en82l1lo1.dll (file missing)
O20 - Winlogon Notify: pmnlm - pmnlm.dll (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\mcdxmlc.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Windows Update Service (UpdateSvc) - Unknown owner - C:\WINDOWS\update\wuauclt.exe (file missing)
aranjuez31
Messages postés
8047
Date d'inscription
lundi 7 novembre 2005
Statut
Contributeur
Dernière intervention
9 juillet 2006
354
5 avril 2006 à 01:44
5 avril 2006 à 01:44
re
=====
le copié/collé suivant est la fin de l option 1
R‚pertoire de C:\WINDOWS\System32
04/04/2006 19:24 235ÿ642 apferror.dll
04/04/2006 19:24 236ÿ205 fp6q03j5e.dll
04/04/2006 15:03 <REP> dllcache
02/04/2006 18:46 <REP> Microsoft
08/02/2006 13:27 13ÿ560 KGyGaAvL.sys
3 fichier(s) 485ÿ407 octets
2 R‚p(s) 17ÿ223ÿ020ÿ544 octets libres
c est la partie qui "parle" pour moi
=================
donc c est l équivalent de l option 2 qu il me faut
ah non , pas la peine je vois que cela a fonctionné sur le rapport hijack
========
ouvre donc hijack et fixe
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\en82l1lo1.dll (file missing)
O20 - Winlogon Notify: pmnlm - pmnlm.dll (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\mcdxmlc.dll (file missing)
=========
sorry mais je ne vois plus l écran
dodo pour ma pomme
je regarderai en détail au tideuj
======
ah question demeurée sans réponse
e ne vois pas ton pare-feu
quel est -il ???
=============
=====
le copié/collé suivant est la fin de l option 1
R‚pertoire de C:\WINDOWS\System32
04/04/2006 19:24 235ÿ642 apferror.dll
04/04/2006 19:24 236ÿ205 fp6q03j5e.dll
04/04/2006 15:03 <REP> dllcache
02/04/2006 18:46 <REP> Microsoft
08/02/2006 13:27 13ÿ560 KGyGaAvL.sys
3 fichier(s) 485ÿ407 octets
2 R‚p(s) 17ÿ223ÿ020ÿ544 octets libres
c est la partie qui "parle" pour moi
=================
donc c est l équivalent de l option 2 qu il me faut
ah non , pas la peine je vois que cela a fonctionné sur le rapport hijack
========
ouvre donc hijack et fixe
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\en82l1lo1.dll (file missing)
O20 - Winlogon Notify: pmnlm - pmnlm.dll (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\mcdxmlc.dll (file missing)
=========
sorry mais je ne vois plus l écran
dodo pour ma pomme
je regarderai en détail au tideuj
======
ah question demeurée sans réponse
e ne vois pas ton pare-feu
quel est -il ???
=============
ben je ne sais pas si c'est un pare-feu mais j'utilisais la protection résidente de AVAST! et le pare-feu de windows xp
aranjuez31
Messages postés
8047
Date d'inscription
lundi 7 novembre 2005
Statut
Contributeur
Dernière intervention
9 juillet 2006
354
5 avril 2006 à 11:30
5 avril 2006 à 11:30
hello
c est ce qu il me semblait
insuffisant
celui de wind n est qu un joujou
donc au boulot
tu vas en mettre un vrai
ensuite tu désactivera le p-f wind
telech kerio gratos
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
lis son tuto
https://kerio.probb.fr/
c est ce qu il me semblait
insuffisant
celui de wind n est qu un joujou
donc au boulot
tu vas en mettre un vrai
ensuite tu désactivera le p-f wind
telech kerio gratos
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
lis son tuto
https://kerio.probb.fr/
aranjuez31
Messages postés
8047
Date d'inscription
lundi 7 novembre 2005
Statut
Contributeur
Dernière intervention
9 juillet 2006
354
5 avril 2006 à 11:42
5 avril 2006 à 11:42
re
ouvre ton hijack
fixe lignes suivantes :
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
+
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
+
ya encore 2 lignes que je dois vérifier car inconnues
as-tu un log nommé "cars" ou "ptas" que tu aurais téléchargé ?
ouvre ton hijack
fixe lignes suivantes :
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
+
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
+
ya encore 2 lignes que je dois vérifier car inconnues
as-tu un log nommé "cars" ou "ptas" que tu aurais téléchargé ?
aranjuez31
Messages postés
8047
Date d'inscription
lundi 7 novembre 2005
Statut
Contributeur
Dernière intervention
9 juillet 2006
354
5 avril 2006 à 13:07
5 avril 2006 à 13:07
re
bon ,on va ce dont je ne trouve aucune légitimité
cela a trait à ces 2 lignes :
O4 - HKLM\..\RunServices: [lfqmoj_[Pbnzkt] C:\WINDOWS\System32\kruychkma.exe
O4 - HKCU\..\Run: [Cars] "C:\Program Files\ptas\lras.exe" -vt yazb
======
1/ déconnecte toi du net
2/ mets toi en mode sans échec
3/ fais apparaître dossiers cachés de cette façon
Clic sur Démarrer/Panneau de Configuration/Options des dossiers/Affichage :
Coche Afficher les dossiers cachés
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décoche "Masquer les extensions dont le type est connu"
Puis fais «OK» pour valider les changements.
Et appliquer
4/ va dans ajout/suppr
recherche progr "Cars" ou "ptas"
desinstalle si tu trouves
5/ouvre hijack
fixe les 2 threads :
O4 - HKLM\..\RunServices: [lfqmoj_[Pbnzkt] C:\WINDOWS\System32\kruychkma.exe
O4 - HKCU\..\Run: [Cars] "C:\Program Files\ptas\lras.exe" -vt yazb
6/ déma+poste de travail+HDD(C)
va dans
C:\Program Files\ptas\lras.exe" -vt yazb
recherche et supprime
- lras.exe
va dans
C:\WINDOWS\System32\kruychkma.exe
recherche et supprime
- kruychkma.exe
si tu ne trouves pas :
déma+"rechercher" tour à tour
- lras.exe
- kruychkma.exe
que tu dois supprimer
7/ important
- faire fonctionner cleanup40
- scan avec Ewido, détruire tt ce qu il trouve
- vider poubelle
8/ne pas oublier de refaire le chemin de 3/ en sens inverse pour remasquer les dossiers cachés
9/ redémarre en mode normal
10/ remets un nouveau hijack
bon ,on va ce dont je ne trouve aucune légitimité
cela a trait à ces 2 lignes :
O4 - HKLM\..\RunServices: [lfqmoj_[Pbnzkt] C:\WINDOWS\System32\kruychkma.exe
O4 - HKCU\..\Run: [Cars] "C:\Program Files\ptas\lras.exe" -vt yazb
======
1/ déconnecte toi du net
2/ mets toi en mode sans échec
3/ fais apparaître dossiers cachés de cette façon
Clic sur Démarrer/Panneau de Configuration/Options des dossiers/Affichage :
Coche Afficher les dossiers cachés
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décoche "Masquer les extensions dont le type est connu"
Puis fais «OK» pour valider les changements.
Et appliquer
4/ va dans ajout/suppr
recherche progr "Cars" ou "ptas"
desinstalle si tu trouves
5/ouvre hijack
fixe les 2 threads :
O4 - HKLM\..\RunServices: [lfqmoj_[Pbnzkt] C:\WINDOWS\System32\kruychkma.exe
O4 - HKCU\..\Run: [Cars] "C:\Program Files\ptas\lras.exe" -vt yazb
6/ déma+poste de travail+HDD(C)
va dans
C:\Program Files\ptas\lras.exe" -vt yazb
recherche et supprime
- lras.exe
va dans
C:\WINDOWS\System32\kruychkma.exe
recherche et supprime
- kruychkma.exe
si tu ne trouves pas :
déma+"rechercher" tour à tour
- lras.exe
- kruychkma.exe
que tu dois supprimer
7/ important
- faire fonctionner cleanup40
- scan avec Ewido, détruire tt ce qu il trouve
- vider poubelle
8/ne pas oublier de refaire le chemin de 3/ en sens inverse pour remasquer les dossiers cachés
9/ redémarre en mode normal
10/ remets un nouveau hijack
Logfile of HijackThis v1.99.1
Scan saved at 20:40:53, on 05/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\franck\Bureau\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: eEye JScript Patch Checker.lnk = C:\Program Files\eEye Digital Security\Jscript Patch\jscriptpatchchecker.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: SoftSearch - {5D602A21-B929-11d7-A5D3-005022E14DE2} - http://softsearch.ru (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{37F51055-C1FE-48AC-A4BB-3AA71C6ACD34}: NameServer = 80.118.192.112 80.118.196.42
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Windows Update Service (UpdateSvc) - Unknown owner - C:\WINDOWS\update\wuauclt.exe (file missing)
Scan saved at 20:40:53, on 05/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\franck\Bureau\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: eEye JScript Patch Checker.lnk = C:\Program Files\eEye Digital Security\Jscript Patch\jscriptpatchchecker.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: SoftSearch - {5D602A21-B929-11d7-A5D3-005022E14DE2} - http://softsearch.ru (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{37F51055-C1FE-48AC-A4BB-3AA71C6ACD34}: NameServer = 80.118.192.112 80.118.196.42
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Windows Update Service (UpdateSvc) - Unknown owner - C:\WINDOWS\update\wuauclt.exe (file missing)
