Posez votre question Signaler

Virus bloodhound [Résolu]

vin110 159Messages postés 22 décembre 2005Date d'inscription 15 décembre 2011Dernière intervention - Dernière réponse le 8 mai 2006 à 19:09

bonjour,
mon ordinateur est infecter par le virus bloodhound,que dois-je faire pour le supprimer ?
merci
vin110

Virus bloodhound »

Suggestions

Virus bloodhound
Virus: Bloodhound.Packed (Résolu) » Forum
Virus BloodHound (Résolu) » Forum
Infecté par le virus bloodhound morphine (Résolu) » Forum
Virus BloodHound Mophine (Résolu) » Forum
Virus bloodhound » Forum
Virus Bloodhound.Packed » Forum
Virus bloodhound morphine » Forum
Virus bloodhound.packed » Forum
Virus Bloodhound.W32.1 URGENT » Forum

Plus

Réponse

incognito02 3498Messages postés 28 octobre 2005Date d'inscription 5 mai 2006 à 21:34

Bonsoir ,

Dans un premier temps, fait déja tout cela :

telecharge et execute ces antispywares ( pense a les mettre a jour avant de les lancer)

(1) ad-aware version 1.06

(ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
voir demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip

***

(2) spybot version 1.4

(ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
voir demo d utilisation
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
***

et aussi ceci

(3) Ccleaner :
Télécharge Ccleaner ici :
http://www.ccleaner.com/ccdownload.asp

Tutorial ici:
http://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

(4) Edwido
http://download.ewido.net/ewido-setup.exe
Pendant l'installation, sur la page "Additional Options", décoche les deux options "Install background guard" et "Install scan via context menu Ewido Security Suite. Clique sur mise à jour.

Clique sur scanner puis sur scan complet du système.

(5) Pour vérifier, scanne ton PC avec cet antivirus en ligne :
http://www.bitdefender.com/scan8/ie.html

(6) télécharge HijackThis ici:
http://www.01net.com/telecharger/windows/Internet/internet_utlitaire/fiches/29061...

Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/Hijenr.gif

Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum

Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm

Bon courage

A+

Ajouter un commentaire - Site web

Réponse

vin110 159Messages postés 22 décembre 2005Date d'inscription 15 décembre 2011Dernière intervention 6 mai 2006 à 14:09

bonjour
j'ai effectué toutes les opération que vous m'avez demander de faire et voici donc le rapport hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 14:08:10, on 06/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Securitoo\av_fw\backweb\8520111\Program\fspex.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguiexe.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.olidata.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\av_fw\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows] run.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Windows] run.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with Star Downloader - C:\Documents and Settings\Olivier\Mes documents\Vincent\VINCENT\instalation\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\fp2403fqe.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

bonne chance

Ajouter un commentaire - Site web

boulepate62 - 6 mai 2006 à 15:49

Salut vous deux :-)

Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"

O4 - HKLM\..\Run: [Windows] run.exe
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Windows] run.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

Clique sur demarrer, poste de travail, C:, program files, cherche et supprime ce dossier:

WinAntiVirus Pro 2006

Clique sur demarrer, rechercher,cherche et supprime ces fichiers:

run.exe
winlog.exe

si un fichier persiste lors de la suppression fais ceci:
-Redemarres ton pc, dès l'allumage de celui ci tapotes la touche f8, à l'ecran qui va apparaitre choisis "mode sans echec" attends un peu.. puis vas supprimer les fichiers/dossiers, vides ta corbeille et redemarres normalement

Fait ce nettoyage, puis redemarre l'ordi et remet un nouveau rapport hijackthis

¤Telecharges et installes ceci, dans la colonne de gauche cliques sur "erreurs" coches toutes les cases, puis cliques en bas sur "chercher des erreurs" une fois finit, cliques sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs

CCleaner:
Ccleaner

¤Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoches la derniere case (Avancé si elle est cochée) puis cliques sur "lancer le nettoyage"

ça ne sera pas fini ;-)

Réponse

vin110 159Messages postés 22 décembre 2005Date d'inscription 15 décembre 2011Dernière intervention 6 mai 2006 à 17:00

bonjour,
la suppression de WinAntiVirus Pro 2006 s'est bien déroulée mais je n'est pas trouvé les deux fichiers ( run.exe et winlog.exe )

voici le rapport Hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 16:59:26, on 06/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguiexe.exe
C:\Program Files\Securitoo\av_fw\backweb\8520111\Program\fspex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.olidata.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\av_fw\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with Star Downloader - C:\Documents and Settings\Olivier\Mes documents\Vincent\VINCENT\instalation\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.com
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\fpj2031oe.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

merci
a+

Ajouter un commentaire - Site web

Afficher les 13 commentaires

vin110 - 7 mai 2006 à 22:30

bonsoir
apres deux scan je n'est pas réussie a avoir de rapport
que dois-je faire ?
++

boulepate62 - 7 mai 2006 à 22:34

pas grave, remet un rapport hijackthis stp

vin110 - 7 mai 2006 à 22:36

voici le rapport :

Logfile of HijackThis v1.99.1
Scan saved at 22:38:56, on 07/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.olidata.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with Star Downloader - C:\Documents and Settings\Olivier\Mes documents\Vincent\VINCENT\instalation\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\c0000admed0a0.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - Eastman Kodak Company - (no file)
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

boulepate62 - 7 mai 2006 à 22:38

Télécharge l2mfix ici:
http://www.downloads.subratam.org/l2mfix.exe
double clique sur l2mfix.exe pour lancer l'extraction.
dans le dossier l2mfix, double clique sur l2mfix.bat et choisis l'option 1 et valide avec la touche entrée
il va te generer un rapport
Copie et colle le resultat ici s'il te plait.

vin110 - 7 mai 2006 à 22:41

voila le rapport l2mfix :

L2MFIX find log 032106
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\c0000admed0a0.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{63C43C3E-C557-1E39-A275-5ED4273D828F}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{6F45BB01-537B-11D3-A2A6-444553540000}"="FineCrypt"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{92085AD4-F48A-450D-BD93-B28CC7DF67CE}"="eBay Toolbar"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="P‚riph‚riques Plug and Play universels"
"{acb4a560-3606-11d3-aef4-00104bd0f92d}"="KodakShellExtension"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{252B2DC0-5673-448A-ADFC-185032869B62}"=""
"{B430414C-327D-4525-9AF4-C990467628BC}"=""
"{6E662501-C8B5-4BD4-95B3-16EEBB7A6EF9}"=""
"{4138D282-B77A-4A4D-8EFC-1AE75C7A9E72}"=""
"{E7DB0B5C-2FB1-4868-B9F3-43FAF767B005}"=""
"{BA2BF5AD-F282-4371-B4E7-F2D6220021F9}"=""
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{39A29741-1090-4D38-B73C-4F0E4BFC1DE7}"=""
"{1D01BB37-62A2-4784-ACDE-562665D70977}"=""
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1D01BB37-62A2-4784-ACDE-562665D70977}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D01BB37-62A2-4784-ACDE-562665D70977}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D01BB37-62A2-4784-ACDE-562665D70977}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D01BB37-62A2-4784-ACDE-562665D70977}\InprocServer32]
@="C:\\WINDOWS\\system32\\rochost.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
wininet.dll Sat 4 Mar 2006 5:35:02 A.... 662 528 647,00 K
inetcomm.dll Fri 17 Mar 2006 11:11:46 A.... 679 424 663,50 K
wmp.dll Fri 10 Mar 2006 6:09:14 A.... 5 533 696 5,28 M
urlmon.dll Sat 18 Mar 2006 13:09:54 A.... 615 424 601,00 K
shlwapi.dll Sat 4 Mar 2006 5:35:02 A.... 474 624 463,50 K
shdocvw.dll Thu 30 Mar 2006 11:26:12 A.... 1 492 992 1,42 M
pngfilt.dll Sat 4 Mar 2006 5:35:02 A.... 39 424 38,50 K
mstime.dll Sat 4 Mar 2006 5:35:02 A.... 532 480 520,00 K
browseui.dll Sat 4 Mar 2006 5:34:58 A.... 1 023 488 999,50 K
msrating.dll Sat 4 Mar 2006 5:35:00 A.... 146 432 143,00 K
mshtmled.dll Sat 4 Mar 2006 5:35:00 A.... 448 512 438,00 K
mshtml.dll Thu 23 Mar 2006 22:35:42 A.... 3 074 560 2,93 M
inseng.dll Sat 4 Mar 2006 5:34:58 A.... 96 768 94,50 K
iepeers.dll Sat 4 Mar 2006 5:34:58 A.... 251 392 245,50 K
dxtrans.dll Sat 4 Mar 2006 5:34:58 A.... 205 312 200,50 K
danim.dll Sat 4 Mar 2006 5:34:58 A.... 1 056 768 1,01 M
cdfview.dll Sat 4 Mar 2006 5:34:58 A.... 152 064 148,50 K
xpsp3res.dll Thu 30 Mar 2006 3:16:46 A.... 17 920 17,50 K
extmgr.dll Sat 4 Mar 2006 5:34:58 A.... 55 808 54,50 K
shell32.dll Fri 17 Mar 2006 6:07:40 A.... 8 508 416 8,11 M
divvox.dll Sun 7 May 2006 20:42:20 ..S.R 235 679 230,15 K
rochost.dll Sun 7 May 2006 20:44:58 ..S.R 235 679 230,15 K
gp24l3~1.dll Sun 7 May 2006 1:45:28 ..S.R 235 679 230,15 K
h20q0c~1.dll Sun 7 May 2006 15:50:02 ..S.R 236 181 230,64 K
c0000a~1.dll Sat 6 May 2006 23:20:28 ..S.R 235 679 230,15 K
mvn8l9~1.dll Sun 7 May 2006 15:54:06 ..S.R 234 177 228,69 K
lv0o09~1.dll Sun 7 May 2006 16:00:04 ..S.R 235 988 230,46 K
i024la~1.dll Sun 7 May 2006 20:42:20 ..S.R 237 099 231,54 K
sintf16.dll Fri 3 Mar 2006 18:30:18 A.... 12 067 11,78 K
sintf32.dll Fri 3 Mar 2006 18:30:20 A.... 17 212 16,81 K
sintfnt.dll Fri 3 Mar 2006 18:30:20 A.... 21 840 21,33 K
j6l4lg~1.dll Sun 7 May 2006 20:44:58 ..S.R 237 115 231,55 K
legitc~1.dll Tue 14 Feb 2006 9:20:14 ..... 550 120 537,23 K

33 items found: 33 files (9 H/S), 0 directories.
Total of file sizes: 27 792 547 bytes 26,50 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
setupe~1.tmp Fri 5 May 2006 12:00:36 A.... 32 768 32,00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 32 768 bytes 32,00 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle XP
Le num‚ro de s‚rie du volume est 385E-12F0

R‚pertoire de C:\WINDOWS\System32

07/05/2006 20:44 237ÿ115 j6l4lg3q16.dll
07/05/2006 20:44 235ÿ679 rochost.dll
07/05/2006 20:42 235ÿ679 divvox.dll
07/05/2006 20:42 237ÿ099 i024lafq1d2e.dll
07/05/2006 16:00 235ÿ988 lv0o09d3e.dll
07/05/2006 15:54 234ÿ177 mvn8l95u1.dll
07/05/2006 15:50 236ÿ181 h20q0cd5ef0.dll
07/05/2006 01:45 235ÿ679 gp24l3fq1.dll
06/05/2006 23:20 235ÿ679 c0000admed0a0.dll
10/04/2005 01:51 5ÿ632 Thumbs.db
22/09/2004 14:03 <REP> Microsoft
22/09/2004 13:41 <REP> dllcache
10 fichier(s) 2ÿ128ÿ908 octets
2 R‚p(s) 41ÿ023ÿ766ÿ528 octets libres

boulepate62 - 7 mai 2006 à 22:42

Relances l2mfix.bat et sélectionne l'option 2
L'ordi va redémarrer automatiquement sinon fais le de toi même
Recopie le rapport et colle le ici avec un nouveau rapport hijackthis

vin110 - 7 mai 2006 à 23:18

donc voici le rapport l2mfix suivit de celui de hijackthis :

L2mfix 032106
Creating Account.
Le compte existe d‚j….

Vous obtiendrez une aide suppl‚mentaire en entrant NET HELPMSG 2224.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (deflated 88%)

Logfile of HijackThis v1.99.1
Scan saved at 23:21:08, on 07/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.olidata.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with Star Downloader - C:\Documents and Settings\Olivier\Mes documents\Vincent\VINCENT\instalation\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\c0000admed0a0.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - Eastman Kodak Company - (no file)
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

boulepate62 - 7 mai 2006 à 23:25

Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\c0000admed0a0.dll

Telecharges Killbox : http://www.generation-nt.com/telecharger/fiche/344/KillBox/

Doubles clique sur killbox.exe (Pocket Killbox)

- coches: delete on reboot
dans la barre vide entre ceci: (exactement)

C:\WINDOWS\system32\c0000admed0a0.dll

- cliques sur la croix rouge
- une fenetre va apparaitre pour confirmation cliques sur YES
- une seconde fenetre te demande si tu veux redemarrer cliques sur YES

Laisses le pc redemarrer puis met un nouveau rapport HijackThis

vin110 - 7 mai 2006 à 23:36

tout s'est bien déroulé et voici donc le nouveau rapport hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 23:38:15, on 07/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.olidata.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with Star Downloader - C:\Documents and Settings\Olivier\Mes documents\Vincent\VINCENT\instalation\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.com
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\j2j6lc1s1f.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - Eastman Kodak Company - (no file)
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

boulepate62 - 7 mai 2006 à 23:38

Refait ça stp:

Double clique sur l2mfix.exe pour lancer l'extraction.
dans le dossier l2mfix, double clique sur l2mfix.bat et choisis l'option 1 et valide avec la touche entrée
il va te generer un rapport
Copie et colle le resultat ici s'il te plait.

vin110 - 7 mai 2006 à 23:45

rapport l2mfix :

L2MFIX find log 032106
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\URL]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\j2j6lc1s1f.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{63C43C3E-C557-1E39-A275-5ED4273D828F}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{6F45BB01-537B-11D3-A2A6-444553540000}"="FineCrypt"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{92085AD4-F48A-450D-BD93-B28CC7DF67CE}"="eBay Toolbar"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="P‚riph‚riques Plug and Play universels"
"{acb4a560-3606-11d3-aef4-00104bd0f92d}"="KodakShellExtension"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{252B2DC0-5673-448A-ADFC-185032869B62}"=""
"{B430414C-327D-4525-9AF4-C990467628BC}"=""
"{6E662501-C8B5-4BD4-95B3-16EEBB7A6EF9}"=""
"{4138D282-B77A-4A4D-8EFC-1AE75C7A9E72}"=""
"{E7DB0B5C-2FB1-4868-B9F3-43FAF767B005}"=""
"{BA2BF5AD-F282-4371-B4E7-F2D6220021F9}"=""
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{39A29741-1090-4D38-B73C-4F0E4BFC1DE7}"=""
"{1D01BB37-62A2-4784-ACDE-562665D70977}"=""
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1D01BB37-62A2-4784-ACDE-562665D70977}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D01BB37-62A2-4784-ACDE-562665D70977}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D01BB37-62A2-4784-ACDE-562665D70977}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D01BB37-62A2-4784-ACDE-562665D70977}\InprocServer32]
@="C:\\WINDOWS\\system32\\dsrgsnap.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
wininet.dll Sat 4 Mar 2006 5:35:02 A.... 662 528 647,00 K
inetcomm.dll Fri 17 Mar 2006 11:11:46 A.... 679 424 663,50 K
wmp.dll Fri 10 Mar 2006 6:09:14 A.... 5 533 696 5,28 M
urlmon.dll Sat 18 Mar 2006 13:09:54 A.... 615 424 601,00 K
shlwapi.dll Sat 4 Mar 2006 5:35:02 A.... 474 624 463,50 K
shdocvw.dll Thu 30 Mar 2006 11:26:12 A.... 1 492 992 1,42 M
pngfilt.dll Sat 4 Mar 2006 5:35:02 A.... 39 424 38,50 K
mstime.dll Sat 4 Mar 2006 5:35:02 A.... 532 480 520,00 K
browseui.dll Sat 4 Mar 2006 5:34:58 A.... 1 023 488 999,50 K
msrating.dll Sat 4 Mar 2006 5:35:00 A.... 146 432 143,00 K
mshtmled.dll Sat 4 Mar 2006 5:35:00 A.... 448 512 438,00 K
mshtml.dll Thu 23 Mar 2006 22:35:42 A.... 3 074 560 2,93 M
inseng.dll Sat 4 Mar 2006 5:34:58 A.... 96 768 94,50 K
iepeers.dll Sat 4 Mar 2006 5:34:58 A.... 251 392 245,50 K
dxtrans.dll Sat 4 Mar 2006 5:34:58 A.... 205 312 200,50 K
danim.dll Sat 4 Mar 2006 5:34:58 A.... 1 056 768 1,01 M
cdfview.dll Sat 4 Mar 2006 5:34:58 A.... 152 064 148,50 K
xpsp3res.dll Thu 30 Mar 2006 3:16:46 A.... 17 920 17,50 K
extmgr.dll Sat 4 Mar 2006 5:34:58 A.... 55 808 54,50 K
shell32.dll Fri 17 Mar 2006 6:07:40 A.... 8 508 416 8,11 M
divvox.dll Sun 7 May 2006 20:42:20 ..S.R 235 679 230,15 K
dsrgsnap.dll Sun 7 May 2006 23:36:38 ..S.R 237 291 231,73 K
gp24l3~1.dll Sun 7 May 2006 1:45:28 ..S.R 235 679 230,15 K
h20q0c~1.dll Sun 7 May 2006 15:50:02 ..S.R 236 181 230,64 K
q0nula~1.dll Sun 7 May 2006 23:35:38 ..S.R 235 679 230,15 K
mvn8l9~1.dll Sun 7 May 2006 15:54:06 ..S.R 234 177 228,69 K
lv0o09~1.dll Sun 7 May 2006 16:00:04 ..S.R 235 988 230,46 K
i024la~1.dll Sun 7 May 2006 20:42:20 ..S.R 237 099 231,54 K
sintf16.dll Fri 3 Mar 2006 18:30:18 A.... 12 067 11,78 K
sintf32.dll Fri 3 Mar 2006 18:30:20 A.... 17 212 16,81 K
sintfnt.dll Fri 3 Mar 2006 18:30:20 A.... 21 840 21,33 K
j6l4lg~1.dll Sun 7 May 2006 20:44:58 ..S.R 237 115 231,55 K
msgplu~1.dll Sat 22 Apr 2006 23:36:24 A.... 58 952 57,57 K
legitc~1.dll Tue 14 Feb 2006 9:20:14 ..... 550 120 537,23 K
j2j6lc~1.dll Sun 7 May 2006 23:17:36 ..S.R 237 291 231,73 K

35 items found: 35 files (10 H/S), 0 directories.
Total of file sizes: 28 090 402 bytes 26,79 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
setupe~1.tmp Fri 5 May 2006 12:00:36 A.... 32 768 32,00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 32 768 bytes 32,00 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle XP
Le num‚ro de s‚rie du volume est 385E-12F0

R‚pertoire de C:\WINDOWS\System32

07/05/2006 23:36 237ÿ291 dsrgsnap.dll
07/05/2006 23:35 235ÿ679 q0nula591d.dll
07/05/2006 23:17 237ÿ291 j2j6lc1s1f.dll
07/05/2006 20:44 237ÿ115 j6l4lg3q16.dll
07/05/2006 20:42 235ÿ679 divvox.dll
07/05/2006 20:42 237ÿ099 i024lafq1d2e.dll
07/05/2006 16:00 235ÿ988 lv0o09d3e.dll
07/05/2006 15:54 234ÿ177 mvn8l95u1.dll
07/05/2006 15:50 236ÿ181 h20q0cd5ef0.dll
07/05/2006 01:45 235ÿ679 gp24l3fq1.dll
10/04/2005 01:51 5ÿ632 Thumbs.db
22/09/2004 14:03 <REP> Microsoft
22/09/2004 13:41 <REP> dllcache
11 fichier(s) 2ÿ367ÿ811 octets
2 R‚p(s) 40ÿ969ÿ437ÿ184 octets libres

boulepate62 - 7 mai 2006 à 23:50

Relances l2mfix.bat et sélectionne l'option 2

L'ordi va redémarrer automatiquement sinon fais le de toi même

Recopie le rapport(en entier stp)et colle le ici avec un nouveau rapport hijackthis

PS: apparament la premiere manoeuvre à foirée

Réponse

vin110 159Messages postés 22 décembre 2005Date d'inscription 15 décembre 2011Dernière intervention 8 mai 2006 à 00:05

c'est bon cette fois ci sa a fonctionner et voici le rapport :

L2mfix 032106
Creating Account.
La commande s'est termin‚e correctement.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 720 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Killing PID 816 'win
Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 728 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID
Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 728 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killing PID 832 'winlogon.exe'
Killin

Ajouter un commentaire - Site web

Afficher les 7 commentaires

vin110 - 8 mai 2006 à 00:15

Logfile of HijackThis v1.99.1
Scan saved at 00:08:06, on 08/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.olidata.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with Star Downloader - C:\Documents and Settings\Olivier\Mes documents\Vincent\VINCENT\instalation\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.com
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\j2j6lc1s1f.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - Eastman Kodak Company - (no file)
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

boulepate62 - 8 mai 2006 à 00:20

ça a marché apparament

Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"

O20 - Winlogon Notify: URL - C:\WINDOWS\system32\j2j6lc1s1f.dll (file missing)

Fait ce scan anti-virus en ligne une fois qu'il a terminé colle le rapport ici stp, puis je pense que ça sera ok.

http://www.bitdefender.com/scan8/ie.html

vin110 - 8 mai 2006 à 00:25

ca va mettre un peu de temps donc j'afficherai le rapport que dans la matinée

merci de ton aide
bonne nuit

boulepate62 - 8 mai 2006 à 00:29

pas de soucis, bonne nui à toi aussi ;-)

vin110 - 8 mai 2006 à 14:09

voici le rapport obtenu apres un scan avec bitdefender

Time
03:22:45

Files
403443

Folders
6446

Boot Sectors
2

Archives
2574

Packed Files
16944

Results

Identified Viruses
1

Infected Files
35

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
35

Engines Info

Virus Definitions
373689

Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

Scan plugins
13

Archive plugins
39

Unpack plugins
4

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0056078.dll
Detected with: Adware.Dinky.A.Trojan

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0056078.dll
Deleted

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0057087.dll
Detected with: Adware.Dinky.A.Trojan

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0057087.dll
Deleted

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0058086.dll
Detected with: Adware.Dinky.A.Trojan

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0058086.dll
Deleted

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060087.dll
Detected with: Adware.Dinky.A.Trojan

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060087.dll
Deleted

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060134.dll
Detected with: Adware.Dinky.A.Trojan

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060134.dll
Deleted

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060148.dll
Detected with: Adware.Dinky.A.Trojan

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060148.dll
Deleted

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060159.dll
Detected with: Adware.Dinky.A.Trojan

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060159.dll
Deleted

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060164.dll
Detected with: Adware.Dinky.A.Trojan

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060164.dll
Deleted

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060165.dll
Detected with: Adware.Dinky.A.Trojan

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060165.dll
Deleted

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060166.dll
Detected with: Adware.Dinky.A.Trojan

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060166.dll
Deleted

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060167.dll
Detected with: Adware.Dinky.A.Trojan

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060167.dll
Deleted

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060168.dll
Detected with: Adware.Dinky.A.Trojan

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060168.dll
Deleted

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060169.dll
Detected with: Adware.Dinky.A.Trojan

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060169.dll
Deleted

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060170.dll
Detected with: Adware.Dinky.A.Trojan

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060170.dll
Deleted

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060171.dll
Detected with: Adware.Dinky.A.Trojan

C:\System Volume Information\_restore{6B96564A-A9C2-4705-ABBB-CF7B9B11BD40}\RP115\A0060171.dll
Deleted

C:\Documents and Settings\Olivier\Bureau\l2mfix\dlls\divvox.dll
Detected with: Adware.Dinky.A.Trojan

C:\Documents and Settings\Olivier\Bureau\l2mfix\dlls\divvox.dll
Deleted

C:\Documents and Settings\Olivier\Bureau\l2mfix\dlls\dsrgsnap.dll
Detected with: Adware.Dinky.A.Trojan

C:\Documents and Settings\Olivier\Bureau\l2mfix\dlls\dsrgsnap.dll
Deleted

C:\Documents and Settings\Olivier\Bureau\l2mfix\dlls\gp24l3fq1.dll
Detected with: Adware.Dinky.A.Trojan

C:\Documents and Settings\Olivier\Bureau\l2mfix\dlls\gp24l3fq1.dll
Deleted

C:\Documents and Settings\Olivier\Bureau\l2mfix\dlls\h20q0cd5ef0.dll
Detected with: Adware.Dinky.A.Trojan

C:\Documents and Settings\Olivier\Bureau\l2mfix\dlls\h20q0cd5ef0.dll
Deleted

C:\Documents and Settings\Olivier\Bureau\l2mfix\dlls\i024lafq1d2e.dll
Detected with: Adware.Dinky.A.Trojan

C:\Documents and Settings\Olivier\Bureau\l2mfix\dlls\i024lafq1d2e.dll
Deleted

C:\Documents and Settings\Olivier\Bureau\l2mfix\dlls\j2j6lc1s1f.dll
Detected with: Adware.Dinky.A.Trojan

C:\Documents and Settings\Olivier\Bureau\l2mfix\dlls\j2j6lc1s1f.dll
Deleted

C:\Documents and Settings\Olivier\Bureau\l2mfix\dlls\j6l4lg3q16.dll
Detected with: Adware.Dinky.A.Trojan

C:\Documents and Settings\Olivier\Bureau\l2mfix\dlls\j6l4lg3q16.dll
Deleted

C:\Documents and Settings\Olivier\Bureau\l2mfix\dlls\lv0o09d3e.dll
Detected with: Adware.Dinky.A.Trojan

C:\Documents and Settings\Olivier\Bureau\l2mfix\dlls\lv0o09d3e.dll
Deleted

C:\Documents and Settings\Olivier\Bureau\l2mfix\dlls\mvn8l95u1.dll
Detected with: Adware.Dinky.A.Trojan

C:\Documents and Settings\Olivier\Bureau\l2mfix\dlls\mvn8l95u1.dll
Deleted

C:\Documents and Settings\Olivier\Bureau\l2mfix\dlls\q0nula591d.dll
Detected with: Adware.Dinky.A.Trojan

C:\Documents and Settings\Olivier\Bureau\l2mfix\dlls\q0nula591d.dll
Deleted

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip=>dlls/divvox.dll
Detected with: Adware.Dinky.A.Trojan

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip=>dlls/divvox.dll
Deleted

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip
Updated

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip=>dlls/dsrgsnap.dll
Detected with: Adware.Dinky.A.Trojan

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip=>dlls/dsrgsnap.dll
Deleted

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip
Updated

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip=>dlls/gp24l3fq1.dll
Detected with: Adware.Dinky.A.Trojan

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip=>dlls/gp24l3fq1.dll
Deleted

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip
Updated

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip=>dlls/h20q0cd5ef0.dll
Detected with: Adware.Dinky.A.Trojan

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip=>dlls/h20q0cd5ef0.dll
Deleted

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip
Updated

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip=>dlls/i024lafq1d2e.dll
Detected with: Adware.Dinky.A.Trojan

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip=>dlls/i024lafq1d2e.dll
Deleted

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip
Updated

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip=>dlls/j2j6lc1s1f.dll
Detected with: Adware.Dinky.A.Trojan

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip=>dlls/j2j6lc1s1f.dll
Deleted

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip
Updated

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip=>dlls/j6l4lg3q16.dll
Detected with: Adware.Dinky.A.Trojan

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip=>dlls/j6l4lg3q16.dll
Deleted

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip
Updated

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip=>dlls/lv0o09d3e.dll
Detected with: Adware.Dinky.A.Trojan

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip=>dlls/lv0o09d3e.dll
Deleted

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip
Updated

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip=>dlls/mvn8l95u1.dll
Detected with: Adware.Dinky.A.Trojan

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip=>dlls/mvn8l95u1.dll
Deleted

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip
Updated

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip=>dlls/q0nula591d.dll
Detected with: Adware.Dinky.A.Trojan

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip=>dlls/q0nula591d.dll
Deleted

C:\Documents and Settings\Olivier\Bureau\l2mfix\backup.zip
Updated

boulepate62 - 8 mai 2006 à 18:54

Salut,

Alors ceci C:\System Volume Information\_restore(voir rapport Bitdefender au dessus) indique que ta restauration du systeme est infecté.Nous allons Tout supprimer et créer un point propre.

Cliques sur demarrer, cliques droit sur poste de travail, propriétés, onglet "restauration du systeme"
-coches la case, puis cliques sur "appliquer"
-decoches la case et cliques sur "appliquer" puis "ok".

Maintenant, que l'ont à effacés les point infectés, nous allons créer un point propre:

Cliques sur demarrer, tout les programmes, accessoires, outils systemes, restauration du systeme, choisis "creer un point de restauration" nommes le " ccm" par exemple, cliques sur "creer" puis "ok".

Puis supprime le dossier L2MFIX tu en as plus besion

Réponse

vin110 159Messages postés 22 décembre 2005Date d'inscription 15 décembre 2011Dernière intervention 8 mai 2006 à 19:08

salut,
voila tout est fait et mon ordinateur fonctionne correctement
merci pour ton aide
a une prochaine fois peut-etre
bonne soirée bye

Ajouter un commentaire - Site web

boulepate62 - 8 mai 2006 à 19:09

De rien ;-)

Bonne soirée à toi aussi

A++

Répondre au sujet

Posez votre question

Dossier à la une

5 extensions si vous voulez revenir à l'ancien Facebook

5 extensions si vous voulez revenir à l'ancien Facebook

Vous n'aimez pas le lifting de Facebook ? Le site Mashable propose cinq étapes pour revenir à l'ancienne présentation du réseau social.

Les interviews exclusives

Bazando fidélise ses clients avec les Facebook credits

Toutes les interviews

Collection CommentÇaMarche.net

Jean-François Pillou

Tout sur les systèmes d’information : Grandes, moyennes et petites entreprises

Plus de livres

Virus bloodhound [Résolu]

Virus bloodhound »

5 extensions si vous voulez revenir à l'ancien Facebook

"un outil vraiment simple à la portée de tous"

Tout sur les systèmes d’information : Grandes, moyennes et petites entreprises

Tout sur les meilleures extensions pour Firefox et IE : Étendre les possibilités de son navigateur favori

Tout sur les outils Google : Découvrez la galaxie des services Google

Tout pour bien utiliser Word 2010

Tout sur le webmastering (2e édition) : Créer et optimiser son site web