Aller au contenu

kms49

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    11

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par kms49

  1. kms49
    de rien, merci à toi surtout pour ton aide. voici le rapport demandé. sinon le pc marche bien, j'ai toujours le fichier freeprodtb.exe sur le bureau, impossible de supprimer kazaa et ewido qui me dit à chaque fois que j'ai des malwares toolbar qui viennes. ( tbon, look2me, .... ). StartupList report, 08/02/2006, 21:27:33 StartupList version: 1.52.2 Started from : C:\Program Files\hijackthis\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Apps\ActivBoard\nhksrv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\Securitoo\av_fw\fswsclds.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Apps\ActivBoard\MMKeybd.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\atiptaxx.exe C:\WINDOWS\Logi_MwX.Exe C:\Program Files\RAMpage\RAMpage.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Apps\ActivBoard\TrayMon.exe C:\Apps\ActivBoard\OSD.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\OpenOffice.org 2.0\program\soffice.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN C:\WINDOWS\system32\taskmgr.exe C:\Program Files\hijackthis\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\kamel\Menu Démarrer\Programmes\Démarrage] OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage] ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ? WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run ACTIVBOARD = C:\Apps\ActivBoard\MMKeybd.exe NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe WOOKIT = C:\Program Files\Wanadoo\EspaceWanadoo.exe VTTimer = VTTimer.exe QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 IMEKRMIG6.1 = C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP AVG7_EMC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot ATICCC = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime ATIPTA = atiptaxx.exe Logitech Utility = Logi_MwX.Exe RAMpage = "C:\Program Files\RAMpage\RAMpage.exe" M=28 T=4 P="C:\Program Files\RAMpage\RAMpageConfig.exe" Logitech Hardware Abstraction Layer = KHALMNPR.EXE Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe P2P Networking = C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART SemanticInsight = C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe KAZAA = C:\Program Files\Kazaa\kazaa.exe /SYSTRAY SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices SchedulingAgent = C:\WINDOWS\System32\mstask.exe -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run WOOKIT = C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe Update Service = "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe tbon = C:\Program Files\TBONBin\tbon.exe /r -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\system32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=explorer.exe SCRNSAVE.EXE=C:\WINDOWS\system32\ssmarque.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! -------------------------------------------------- Enumerating Browser Helper Objects: *No BHO's found* -------------------------------------------------- Enumerating Task Scheduler jobs: *No jobs found* -------------------------------------------------- Enumerating Download Program Files: [interface Chat Voila] CODEBASE = http://chat10.x-echo.com/version6/Applet/vchatsign.cab OSD = C:\WINDOWS\Downloaded Program Files\Interface Chat Voila.osd [Microsoft XML Parser for Java] CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd [teleir_cert] CODEBASE = https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab OSD = C:\WINDOWS\Downloaded Program Files\teleir_cert.osd [Checkers Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab [QuickTime Object] InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab [HouseCall Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan60.ocx CODEBASE = http://housecall60.trendmicro.com/housecall/xscan60.cab [MSN Photo Select Tool] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPPick.dll CODEBASE = http://photos.msn.fr/resources/neutral/con....cab?10,0,910,0 [MessengerStatsClient Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll CODEBASE = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab [shockwave ActiveX Control] InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab [symantec AntiVirus scanner] InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll CODEBASE = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab [PatchInstaller.Installer] InProcServer32 = C:\WINDOWS\System32\XPPatchInstaller.dll CODEBASE = file://D:\content\include\XPPatchInstaller.CAB [{4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B}] CODEBASE = http://sib1.od2.com/common/Member/ClientIn...2/OCI/setup.exe [WUWebControl Class] InProcServer32 = C:\WINDOWS\system32\wuweb.dll CODEBASE = http://v5.windowsupdate.microsoft.com/v5co...b?1107533172889 [symantec RuFSI Utility Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab [HouseCall Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx CODEBASE = http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab [AvxScanOnline Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\BITDEF~1.OCX CODEBASE = http://www.bitdefender.com/scan/Msie/bitdefender.cab [Java Plug-in 1.5.0_03] InProcServer32 = C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [MSSecurityAdvisorCD Class] InProcServer32 = C:\WINDOWS\System32\mssecucd.dll CODEBASE = file://D:\Content\include\msSecUcd.cab [MessengerStatsClient Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll CODEBASE = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab [F-Secure Online Scanner] InProcServer32 = C:\WINDOWS\Downloaded Program Files\fscax.dll CODEBASE = http://www.securitoo.com/fra/pages/navol/fscax.cab [ActiveScan Installer Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab [Aurigma Image Uploader 3.5 Control] InProcServer32 = C:\WINDOWS\Downloaded Program Files\ImageUploader3.ocx CODEBASE = http://www.extrafilm.fr/net/import/ImageUploader3.cab [CRAVOnline Object] InProcServer32 = C:\WINDOWS\Downloaded Program Files\ravonline.dll CODEBASE = http://www.ravantivirus.com/scan/ravonline.cab [MsnMessengerSetupDownloadControl Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx CODEBASE = http://messenger.msn.com/download/MsnMesse...pDownloader.cab [ZoneIntro Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx CODEBASE = http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab [Java Plug-in 1.5.0_03] InProcServer32 = C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx CODEBASE = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab [Microsoft Search Settings Control] InProcServer32 = C:\WINDOWS\Downloaded Program Files\searchsettings.ocx CODEBASE = http://lg.home.microsoft.com/search/lobby/searchsettings.cab [AxHtChat Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\npchatg.dll CODEBASE = http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll Protocol #16: C:\WINDOWS\system32\mswsock.dll Protocol #17: C:\WINDOWS\system32\mswsock.dll Protocol #18: C:\WINDOWS\system32\mswsock.dll Protocol #19: C:\WINDOWS\system32\mswsock.dll Protocol #20: C:\WINDOWS\system32\mswsock.dll Protocol #21: C:\WINDOWS\system32\mswsock.dll Protocol #22: C:\WINDOWS\system32\mswsock.dll Protocol #23: C:\WINDOWS\system32\mswsock.dll Protocol #24: C:\WINDOWS\system32\mswsock.dll Protocol #25: C:\WINDOWS\system32\mswsock.dll Protocol #26: C:\WINDOWS\system32\mswsock.dll Protocol #27: C:\WINDOWS\system32\mswsock.dll Protocol #28: C:\WINDOWS\system32\mswsock.dll Protocol #29: C:\WINDOWS\system32\mswsock.dll Protocol #30: C:\WINDOWS\system32\mswsock.dll Protocol #31: C:\WINDOWS\system32\mswsock.dll Protocol #32: C:\WINDOWS\system32\mswsock.dll Protocol #33: C:\WINDOWS\system32\mswsock.dll Protocol #34: C:\WINDOWS\system32\mswsock.dll Protocol #35: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services Pilote d'unité 61883: System32\DRIVERS\61883.sys (manual start) Pilote ACPI Microsoft: system32\DRIVERS\ACPI.sys (system) General Purpose USB Driver (adildr.sys): System32\Drivers\adildr.sys (autostart) USB ADSL WAN Adapter: System32\DRIVERS\adiusbaw.sys (manual start) Adobe LM Service: "C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start) Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start) Environnement de prise en charge de réseau AFD: \SystemRoot\System32\drivers\afd.sys (system) Avertissement: %SystemRoot%\system32\svchost.exe -k LocalService (disabled) Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start) Pilote de processeur AMD K7: System32\DRIVERS\amdk7.sys (system) Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Protocole client ARP 1394: System32\DRIVERS\arp1394.sys (manual start) ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start) Pilote de média asynchrone RAS: System32\DRIVERS\asyncmac.sys (manual start) Contrôleur de disque dur IDE/ESDI standard: system32\DRIVERS\atapi.sys (system) Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart) ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart) ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start) Protocole client ATM ARP: System32\DRIVERS\atmarpc.sys (manual start) Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote audio Stub: System32\DRIVERS\audstub.sys (manual start) Périphérique AVC: System32\DRIVERS\avc.sys (manual start) AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart) AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system) AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system) AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system) AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart) AVG Network Redirector: \??\C:\WINDOWS\System32\Drivers\avgtdi.sys (autostart) Service de transfert intelligent en arrière-plan: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Explorateur d'ordinateur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Décodeur sous-titre fermé: System32\DRIVERS\CCDECODE.sys (manual start) Pilote de CD-ROM: System32\DRIVERS\cdrom.sys (system) Service d'indexation: %SystemRoot%\system32\cisvc.exe (manual start) Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (disabled) Application système COM+: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) NEC VIA 3D Environmental Audio: system32\drivers\cviaaud.sys (manual start) CVIAHALA: system32\drivers\cviahal.sys (manual start) Lanceur de processus serveur DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) Client DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de disque: System32\DRIVERS\disk.sys (system) Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start) Client DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart) Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start) DSDrv4: \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys (manual start) dtscsi: \SystemRoot\System32\Drivers\dtscsi.sys (manual start) Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Journal des événements: %SystemRoot%\system32\services.exe (autostart) Système d'événements de COM+: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start) ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart) ewido security suite driver: \??\C:\Program Files\ewido anti-malware\guard.sys (system) ewido security suite guard: C:\Program Files\ewido anti-malware\ewidoguard.exe (autostart) Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote de contrôleur de lecteur de disquettes: system32\DRIVERS\fdc.sys (manual start) VIA Rhine Family Fast Ethernet Adapter Driver Service: System32\DRIVERS\fetnd5b.sys (manual start) Pilote de lecteur de disquettes: System32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\DRIVERS\fltMgr.sys (system) F-Secure Windows Security Center Legacy Detection Service: C:\Program Files\Securitoo\av_fw\fswsclds.exe (autostart) Pilote du Gestionnaire de volume: system32\DRIVERS\ftdisk.sys (system) France Telecom Routing Table Service: C:\WINDOWS\System32\FTRTSVC.exe (autostart) Enumérateur de port jeu: System32\DRIVERS\gameenum.sys (manual start) GMSIPCI: \??\D:\INSTALL\GMSIPCI.SYS (manual start) Classificateur de paquets générique: System32\DRIVERS\msgpc.sys (manual start) Hauppauge WinTV 848/9 WDM Video Driver: system32\drivers\HCWBT8XX.sys (manual start) Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Accès du périphérique d'interface utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote de classe HID Microsoft: system32\DRIVERS\hidusb.sys (manual start) IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start) Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start) USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) Pilote pour clavier i8042 et souris sur port PS/2: System32\DRIVERS\i8042prt.sys (system) Pilote de filtre de gravure CD: system32\DRIVERS\imapi.sys (system) Service COM de gravage de CD IMAPI: C:\WINDOWS\system32\imapi.exe (manual start) Pilote du pare-feu Windows IPv6: system32\drivers\ip6fw.sys (manual start) Pilote de filtre de trafic IP: System32\DRIVERS\ipfltdrv.sys (manual start) Pilote de tunnelage IP dans IP: System32\DRIVERS\ipinip.sys (manual start) Traducteur d'adresses réseau IP: system32\DRIVERS\ipnat.sys (manual start) Pilote IPSEC: System32\DRIVERS\ipsec.sys (system) Service énumérateur IR: System32\DRIVERS\irenum.sys (manual start) Pilote de bus Plug-and-Play ISA/EISA: system32\DRIVERS\isapnp.sys (system) Pilote de la classe Clavier: System32\DRIVERS\kbdclass.sys (system) Pilote HID de clavier: System32\DRIVERS\kbdhid.sys (system) Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start) Logitech SetPoint Keyboard Driver: system32\DRIVERS\L8042Kbd.sys (manual start) Logitech SetPoint PS/2 Mouse Filter Driver: system32\DRIVERS\L8042mou.Sys (manual start) Logitech PS/2 Mouse Filter Driver: System32\DRIVERS\L8042Pr2.sys (manual start) Serveur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Station de travail: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Logitech HID/USB Mouse Filter Driver: System32\DRIVERS\LHidFlt2.sys (manual start) Assistance TCP/IP NetBIOS: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Logitech Mouse Class Filter Driver: System32\DRIVERS\LMouFlt2.sys (manual start) Logitech SetPoint Mouse Filter Driver: system32\DRIVERS\LMouKE.Sys (manual start) AEGIS Protocol (IEEE 802.1x) v2.3.1.9: system32\DRIVERS\mdc8021x.sys (autostart) Affichage des messages: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Partage de Bureau à distance NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start) Pilote de la classe Souris: System32\DRIVERS\mouclass.sys (system) Pilote HID de souris: System32\DRIVERS\mouhid.sys (manual start) Redirecteur client WebDav: System32\DRIVERS\mrxdav.sys (manual start) MRXSMB: System32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start) Microsoft DV Camera and VCR: System32\DRIVERS\msdv.sys (manual start) Multimedia Keyboard Filter Driver: System32\DRIVERS\msikbd2k.sys (system) Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start) Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start) Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start) Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start) Pilote BIOS de gestion de systèmes Microsoft: system32\DRIVERS\mssmbios.sys (manual start) Convertisseur en T/site-à-site de répartition Microsoft: system32\drivers\MSTEE.sys (manual start) Mtlmnt5: System32\DRIVERS\Mtlmnt5.sys (manual start) Mtlstrm: System32\DRIVERS\Mtlstrm.sys (manual start) Codec NABTS/FEC VBI: System32\DRIVERS\NABTSFEC.sys (manual start) Connection TV/vidéo Microsoft: System32\DRIVERS\NdisIP.sys (manual start) Pilote TAPI NDIS d'accès distant: System32\DRIVERS\ndistapi.sys (manual start) NDIS mode utilisateur E/S Protocole: System32\DRIVERS\ndisuio.sys (manual start) Pilote réseau étendu NDIS d'accès distant: System32\DRIVERS\ndiswan.sys (manual start) Interface NetBIOS: System32\DRIVERS\netbios.sys (system) NetBIOS sur TCP/IP: System32\DRIVERS\netbt.sys (system) DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) Ouverture de session réseau: %SystemRoot%\system32\lsass.exe (manual start) Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Netropa NHK Server: C:\Apps\ActivBoard\nhksrv.exe (autostart) Pilote réseau 1394: System32\DRIVERS\nic1394.sys (manual start) NLA (Network Location Awareness): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\system32\lsass.exe (manual start) Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) NtMtlFax: System32\DRIVERS\NtMtlFax.sys (manual start) Pilote de filtre de trafic IPX: System32\DRIVERS\nwlnkflt.sys (manual start) Pilote de transfert de trafic IPX: System32\DRIVERS\nwlnkfwd.sys (manual start) Contrôleur hôte compatible IEE 1394 VIA OHCI: system32\DRIVERS\ohci1394.sys (system) Pilote de port parallèle: System32\DRIVERS\parport.sys (manual start) PCANDIS5 Protocol Driver: \??\C:\WINDOWS\system32\PCANDIS5.SYS (manual start) PCI Bus Driver: system32\DRIVERS\pci.sys (system) PCTVVBI: System32\DRIVERS\pctvvbi.sys (manual start) Padus ASPI Shell: system32\drivers\pfc.sys (manual start) Plug-and-Play: %SystemRoot%\system32\services.exe (autostart) Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (manual start) Services IPSEC: %SystemRoot%\system32\lsass.exe (autostart) Miniport réseau étendu (PPTP): System32\DRIVERS\raspptp.sys (manual start) Pilote processeur: System32\DRIVERS\processr.sys (system) Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart) Planificateur de paquets QoS: System32\DRIVERS\psched.sys (manual start) Pilote de liaison parallèle directe: System32\DRIVERS\ptilink.sys (manual start) PxHelp20: System32\DRIVERS\PxHelp20.sys (system) Logitech QuickCam Messenger: System32\DRIVERS\LVCM.sys (manual start) Pilote de connexion automatique d'accès distant: System32\DRIVERS\rasacd.sys (system) Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Miniport réseau étendu (L2TP): System32\DRIVERS\rasl2tp.sys (manual start) Gestionnaire de connexions d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Pilote PPPOE d'accès à distance: System32\DRIVERS\raspppoe.sys (manual start) Parallèle direct: System32\DRIVERS\raspti.sys (manual start) Rdbss: System32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start) Pilote de filtre de lecture digitale de CD audio: System32\DRIVERS\redbook.sys (system) Routage et accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Localisateur d'appels de procédure distante (RPC): %SystemRoot%\system32\locator.exe (manual start) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start) Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: System32\DRIVERS\secdrv.sys (manual start) Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de filtre Serenum: system32\DRIVERS\serenum.sys (manual start) Pilote de port série: system32\DRIVERS\serial.sys (system) Pare-feu Windows / Partage de connexion Internet: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Détrameur décalage BDA: System32\DRIVERS\SLIP.sys (manual start) SmartLink AMR_PCI Driver: System32\DRIVERS\slntamr.sys (manual start) SlNtHal: System32\DRIVERS\Slnthal.sys (manual start) SmartLinkService: slserv.exe (autostart) SlWdmSup: System32\DRIVERS\SlWdmSup.sys (manual start) Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) sptd: System32\Drivers\sptd.sys (system) Pilote de filtre de restauration système: System32\DRIVERS\sr.sys (system) Service de restauration système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Srv: System32\DRIVERS\srv.sys (manual start) Service de découvertes SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) SSI: system32\Drivers\SSI.SYS (system) VIA Audio Driver (WDM) - SigmaTel CODEC: system32\drivers\STAC97.sys (manual start) Acquisition d'image Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart) BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start) Webroot Spy Sweeper Engine: C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (autostart) Pilote de bus logiciel: System32\DRIVERS\swenum.sys (manual start) Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{E53B31E7-0A66-4CD0-8C9B-E482F43ABB96} (manual start) Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start) 32bit system bus driver: \??\C:\WINDOWS\system32\drivers\sysbus32.sys (autostart) Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start) Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote du protocole TCP/IP: System32\DRIVERS\tcpip.sys (system) Pilote de périphérique terminal: System32\DRIVERS\termdd.sys (system) Services Terminal Server: %SystemRoot%\System32\svchost -k DComLaunch (manual start) Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Ulead Burning Helper: C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe (disabled) Infrastructure de pilote-mode utilisateur Windows: C:\WINDOWS\system32\wdfmgr.exe (manual start) Pilote de mise à jour microcode: System32\DRIVERS\update.sys (manual start) Hôte de périphérique universel Plug-and-Play: %SystemRoot%\system32\svchost.exe -k LocalService (disabled) Onduleur: %SystemRoot%\System32\ups.exe (manual start) Pilote USB audio (WDM): system32\drivers\usbaudio.sys (manual start) Pilote parent générique USB Microsoft: System32\DRIVERS\usbccgp.sys (manual start) Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0: system32\DRIVERS\usbehci.sys (manual start) Concentrateur USB2: system32\DRIVERS\usbhub.sys (manual start) Classe d'imprimantes USB Microsoft: System32\DRIVERS\usbprint.sys (manual start) Pilote de scanneur USB: System32\DRIVERS\usbscan.sys (manual start) Pilote de stockage de masse USB: System32\DRIVERS\USBSTOR.SYS (manual start) Pilote miniport de contrôleur hôte universel USB Microsoft: system32\DRIVERS\usbuhci.sys (manual start) v90drv: System32\DRIVERS\v90drv.sys (manual start) Carte vidéo VGA.: \SystemRoot\System32\drivers\vga.sys (system) Filtre de bus AGP VIA: System32\DRIVERS\viaagp1.sys (system) VIA AGP Filter: System32\DRIVERS\viaagp1.sys (system) viagfx: System32\DRIVERS\vtmini.sys (manual start) ViaIde: System32\DRIVERS\viaidexp.sys (system) viamraid: System32\DRIVERS\viamraid.sys (system) VIAPFD: \SystemRoot\System32\Drivers\VIAPFD.SYS (system) Vinyl AC'97 Audio Controller (WDM): system32\drivers\viaudios.sys (manual start) Vqtfk: \??\C:\WINDOWS\system32\Vqtfk.sys (autostart) Vsp: \??\C:\WINDOWS\System32\drivers\Vsp.sys (manual start) Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start) Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote ARP IP d'accès distant: System32\DRIVERS\wanarp.sys (manual start) Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Sagem 802.11g Wireless LAN USB Adapter Driver: system32\DRIVERS\WlanUIG.sys (manual start) Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Carte de performance WMI: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start) Centre de sécurité: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Codec Teletext standard: System32\DRIVERS\WSTCODEC.SYS (manual start) Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Service d'approvisionnement réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *No values found* -------------------------------------------------- End of report, 43 444 bytes Report generated in 0,359 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only
  2. kms49
    salut, voici l'analyse de spysweeper. ******** 09:03: | Début de session, mercredi 8 février 2006 | 09:03: Spy Sweeper démarrée 09:03: Analyse lancée avec la version des définitions 612 09:03: Démarrage de l’analyse de la mémoire 09:07: Analyse de la mémoire terminée, temps passé : 00:04:04 09:07: Démarrage de l’analyse du Registre 09:07: Trouvé Adware: altnet 09:07: HKLM\software\altnet\ (1 traces secondaires) (ID = 103481) 09:07: HKLM\software\classes\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}\ (23 traces secondaires) (ID = 103494) 09:07: HKLM\software\microsoft\windows\currentversion\run\ || altnetpointsmanager (ID = 103518) 09:07: Trouvé Adware: broadcastpc 09:07: HKLM\software\microsoft\windows\currentversion\run\ || bpt (ID = 104985) 09:07: HKLM\software\microsoft\windows\currentversion\run\ || di2 (ID = 104988) 09:08: Trouvé Adware: topsearch 09:08: HKCR\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}\ (23 traces secondaires) (ID = 143925) 09:08: HKLM\software\classes\topsearch.tslink\ (5 traces secondaires) (ID = 143926) 09:08: HKLM\software\classes\topsearch.tslink.1\ (3 traces secondaires) (ID = 143927) 09:08: HKLM\software\classes\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 traces secondaires) (ID = 143928) 09:08: HKCR\topsearch.tslink\ (5 traces secondaires) (ID = 143929) 09:08: HKCR\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 traces secondaires) (ID = 143930) 09:08: Trouvé Adware: icannnews 09:08: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\shareddlls\ (6 traces secondaires) (ID = 359347) 09:08: Trouvé Adware: rx toolbar 09:08: HKCR\rxresult.rxresultfilter\ (3 traces secondaires) (ID = 729537) 09:08: HKCR\rxresult.rxresultfilter\clsid\ (1 traces secondaires) (ID = 729539) 09:08: HKCR\rxresult.rxresultfilter.1\ (3 traces secondaires) (ID = 729541) 09:08: HKCR\rxresult.rxresultfilter.1\clsid\ (1 traces secondaires) (ID = 729543) 09:08: HKCR\rxresult.rxresulttracker\ (3 traces secondaires) (ID = 729545) 09:08: HKCR\rxresult.rxresulttracker\clsid\ (1 traces secondaires) (ID = 729547) 09:08: HKCR\rxresult.rxresulttracker.1\ (3 traces secondaires) (ID = 729549) 09:08: HKCR\rxresult.rxresulttracker.1\clsid\ (1 traces secondaires) (ID = 729551) 09:08: HKCR\clsid\{2ab289ae-4b90-4281-b2ae-1f4bb034b647}\ (10 traces secondaires) (ID = 729553) 09:08: HKCR\clsid\{59879fa4-4790-461c-a1cc-4ec4de4ca483}\ (8 traces secondaires) (ID = 729564) 09:08: HKCR\typelib\{05563f82-69a7-40a6-8670-153b635a7ef6}\ (9 traces secondaires) (ID = 729573) 09:08: HKLM\software\rxresults\ (4 traces secondaires) (ID = 729611) 09:08: HKLM\software\classes\rxresult.rxresultfilter\ (3 traces secondaires) (ID = 729616) 09:08: HKLM\software\classes\rxresult.rxresultfilter\clsid\ (1 traces secondaires) (ID = 729618) 09:08: HKLM\software\classes\rxresult.rxresultfilter.1\ (3 traces secondaires) (ID = 729620) 09:08: HKLM\software\classes\rxresult.rxresultfilter.1\clsid\ (1 traces secondaires) (ID = 729622) 09:08: HKLM\software\classes\rxresult.rxresulttracker\ (3 traces secondaires) (ID = 729624) 09:08: HKLM\software\classes\rxresult.rxresulttracker\clsid\ (1 traces secondaires) (ID = 729626) 09:08: HKLM\software\classes\rxresult.rxresulttracker.1\ (3 traces secondaires) (ID = 729628) 09:08: HKLM\software\classes\rxresult.rxresulttracker.1\clsid\ (1 traces secondaires) (ID = 729630) 09:08: HKLM\software\classes\clsid\{2ab289ae-4b90-4281-b2ae-1f4bb034b647}\ (10 traces secondaires) (ID = 729632) 09:08: HKLM\software\classes\clsid\{59879fa4-4790-461c-a1cc-4ec4de4ca483}\ (8 traces secondaires) (ID = 729643) 09:08: HKLM\software\classes\typelib\{05563f82-69a7-40a6-8670-153b635a7ef6}\ (9 traces secondaires) (ID = 729652) 09:08: Trouvé Adware: hotbar 09:08: HKCR\interface\{1c1793e0-1034-4cac-837d-aa545f6961bf}\ (1 traces secondaires) (ID = 774241) 09:08: HKLM\software\classes\interface\{1c1793e0-1034-4cac-837d-aa545f6961bf}\ (1 traces secondaires) (ID = 774517) 09:08: Trouvé Adware: directrevenue-thebestoffersnetwork 09:08: HKLM\software\microsoft\windows\currentversion\uninstall\tbon\ (7 traces secondaires) (ID = 826503) 09:08: Trouvé Trojan Horse: spamrelayer_alpiok 09:08: HKCR\clsid\{6368d1fc-6f5c-4f1b-b164-e67214f678e9}\ (3 traces secondaires) (ID = 945518) 09:08: HKLM\software\classes\clsid\{6368d1fc-6f5c-4f1b-b164-e67214f678e9}\ (3 traces secondaires) (ID = 945546) 09:08: HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload\ || systray.exbr (ID = 945548) 09:08: Trouvé Adware: cashdeluxe 09:08: HKCR\winapi32.intelinks\ (3 traces secondaires) (ID = 1106874) 09:08: HKCR\winapi32.mybaner\ (3 traces secondaires) (ID = 1106878) 09:08: HKCR\winapi32.mybho\ (3 traces secondaires) (ID = 1106882) 09:08: HKLM\software\classes\winapi32.intelinks\ (3 traces secondaires) (ID = 1106938) 09:08: HKLM\software\classes\winapi32.mybaner\ (3 traces secondaires) (ID = 1106942) 09:08: HKLM\software\classes\winapi32.mybho\ (3 traces secondaires) (ID = 1106946) 09:08: Trouvé Adware: dollarrevenue 09:08: HKLM\software\microsoft\drsmartload2\ (1 traces secondaires) (ID = 1134137) 09:08: Trouvé Adware: cydoor peer-to-peer dependency 09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\kazaa\promotions\cydoor\ (355 traces secondaires) (ID = 124527) 09:08: Trouvé Adware: findthewebsiteyouneed hijack 09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\microsoft\internet explorer\main\ || default_search_url (ID = 125236) 09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\microsoft\internet explorer\main\ || search bar (ID = 125237) 09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\microsoft\internet explorer\main\ || search page (ID = 125238) 09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\microsoft\internet explorer\main\ || start page (ID = 125239) 09:08: Trouvé Adware: effective-i toolbar 09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\effective-i\ (7 traces secondaires) (ID = 125657) 09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\maxthon\plugin\toolbar\{44be0690-5429-47f0-85bb-3ffd8020233e}\ (1 traces secondaires) (ID = 125661) 09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\microsoft\internet explorer\toolbar\ || {44be0690-5429-47f0-85bb-3ffd8020233e} (ID = 125662) 09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\microsoft\internet explorer\toolbar\webbrowser\ || {44be0690-5429-47f0-85bb-3ffd8020233e} (ID = 125668) 09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437) 09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\microsoft\internet explorer\main\ || search bar (ID = 790268) 09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\microsoft\internet explorer\main\ || default_search_url (ID = 790269) 09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\tbon\ (36 traces secondaires) (ID = 826461) 09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\microsoft\windows\currentversion\run\ || tbon (ID = 826497) 09:08: HKU\S-1-5-21-436374069-1606980848-839522115-1004\software\kazaa\promotions\cydoor\ (367 traces secondaires) (ID = 124527) 09:08: HKU\S-1-5-21-436374069-1606980848-839522115-1004\software\microsoft\internet explorer\extensions\cmdmapping\ || {946b3e9e-e21a-49c8-9f63-900533fafe14} (ID = 127575) 09:08: HKU\S-1-5-21-436374069-1606980848-839522115-1004\software\microsoft\internet explorer\extensions\cmdmapping\ || {e77eda01-3c56-4a96-8d08-02b42891c169} (ID = 127576) 09:08: Trouvé Adware: instafinder 09:08: HKU\S-1-5-21-436374069-1606980848-839522115-1004\software\instafink\ (3 traces secondaires) (ID = 128666) 09:08: HKU\S-1-5-21-436374069-1606980848-839522115-1004\software\microsoft\internet explorer\toolbar\webbrowser\ || {25d8bacf-3de2-4b48-ae22-d659b8d835b0} (ID = 140301) 09:08: Trouvé Adware: upz dialer 09:08: HKU\S-1-5-21-436374069-1606980848-839522115-1004\software\timsoft\ (2 traces secondaires) (ID = 400893) 09:08: HKU\S-1-5-21-436374069-1606980848-839522115-1004\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437) 09:08: HKU\S-1-5-21-436374069-1606980848-839522115-1004\software\tbon\ (36 traces secondaires) (ID = 826461) 09:08: HKU\S-1-5-21-436374069-1606980848-839522115-1004\software\microsoft\windows\currentversion\run\ || tbon (ID = 826497) 09:08: Analyse du Registre terminée, temps passé :00:00:21 09:08: Démarrage de l’analyse des cookies 09:08: Trouvé Spy Cookie: yieldmanager cookie 09:08: kamel_2@ad.yieldmanager[1].txt (ID = 3751) 09:08: Trouvé Spy Cookie: hbmediapro cookie 09:08: kamel_2@adopt.hbmediapro[2].txt (ID = 2768) 09:08: Trouvé Spy Cookie: advertising cookie 09:08: kamel_2@advertising[1].txt (ID = 2175) 09:08: Trouvé Spy Cookie: btgrab cookie 09:08: kamel_2@btg.btgrab[2].txt (ID = 2333) 09:08: Trouvé Spy Cookie: cliks cookie 09:08: kamel_2@cliks[1].txt (ID = 2414) 09:08: Trouvé Spy Cookie: offeroptimizer cookie 09:08: kamel_2@offeroptimizer[2].txt (ID = 3087) 09:08: kamel_2@offeroptimizer[3].txt (ID = 3087) 09:08: Trouvé Spy Cookie: tradedoubler cookie 09:08: kamel_2@tradedoubler[1].txt (ID = 3575) 09:08: Trouvé Spy Cookie: xiti cookie 09:08: kamel_2@xiti[1].txt (ID = 3717) 09:08: Trouvé Spy Cookie: zedo cookie 09:08: kamel_2@zedo[2].txt (ID = 3762) 09:08: kamel@ad.yieldmanager[1].txt (ID = 3751) 09:08: Trouvé Spy Cookie: belnk cookie 09:08: kamel@belnk[1].txt (ID = 2292) 09:08: kamel@btg.btgrab[2].txt (ID = 2333) 09:08: kamel@cliks[1].txt (ID = 2414) 09:08: kamel@dist.belnk[2].txt (ID = 2293) 09:08: kamel@offeroptimizer[1].txt (ID = 3087) 09:08: Trouvé Spy Cookie: serving-sys cookie 09:08: kamel@serving-sys[2].txt (ID = 3343) 09:08: kamel@tradedoubler[2].txt (ID = 3575) 09:08: kamel@xiti[1].txt (ID = 3717) 09:08: kamel@zedo[2].txt (ID = 3762) 09:08: Analyse des cookies terminée, temps passé : 00:00:00 09:08: Démarrage de l’analyse des fichiers 09:08: c:\program files\tbonbin (2 traces secondaires) (ID = -2147471500) 09:08: c:\program files\bpt (2 traces secondaires) (ID = -2147481334) 09:08: Trouvé Adware: delfin 09:08: c:\documents and settings\all users\application data\vmss (1 traces secondaires) (ID = -2147481132) 09:08: c:\windows\system32\vmss (ID = -2147481116) 09:08: Trouvé Adware: findthewebsiteyouneed hijacker 09:08: a0067819.exe (ID = 242087) 09:13: Trouvé Adware: look2me 09:13: a0067835.dll (ID = 159) 09:13: a0067832.dll (ID = 163672) 09:14: a0067825.dll (ID = 159) 09:14: a0067821.exe (ID = 59853) 09:15: topsearch.dll (ID = 79735) 09:15: a0067820.exe (ID = 168558) 09:16: a0067838.dll (ID = 159) 09:17: drsmartload95a.exe (ID = 242066) 09:18: a0067818.exe (ID = 242116) 09:18: a0067834.dll (ID = 163672) 09:18: a0056298.manifest (ID = 49859) 09:18: Trouvé Adware: bullguard popup ad 09:18: a0056239.exe (ID = 52016) 09:18: a0067827.dll (ID = 159) 09:18: a0067824.dll (ID = 159) 09:18: a0067828.dll (ID = 163672) 09:19: a0067833.dll (ID = 163672) 09:19: a0067840.dll (ID = 163672) 09:19: a0038404.manifest (ID = 49859) 09:20: peer points manager.lnk (ID = 49852) 09:23: a0056235.manifest (ID = 49859) 09:23: a0067830.dll (ID = 159) 09:23: a0067837.dll (ID = 163672) 09:23: a0067829.dll (ID = 163672) 09:24: a0067822.dll (ID = 163672) 09:25: a0067836.dll (ID = 159) 09:25: a0067831.dll (ID = 159) 09:25: a0067826.dll (ID = 159) 09:25: a0067823.dll (ID = 159) 09:26: a0067839.dll (ID = 159) 09:26: tboninst.cfg (ID = 211835) 09:26: tboninst.cfg (ID = 211835) 09:26: a0063399.lnk (ID = 59838) 09:26: a0063400.lnk (ID = 59855) 09:26: a0067602.lnk (ID = 59838) 09:26: a0067601.lnk (ID = 59855) 09:26: a0067604.lnk (ID = 59855) 09:26: a0067605.lnk (ID = 59838) 09:26: Trouvé Adware: azsearch toolbar 09:26: a0039095.inf (ID = 50329) 09:26: Trouvé System Monitor: potentially rootkit-masked files 09:26: sysbus32.sys (ID = 0) 09:29: Avertissement: Unhandled Archive Type 09:30: Avertissement: Unhandled Archive Type 09:31: Analyse des fichiers terminée, temps passé : 00:22:59 09:31: Analyse complète terminée. Durée 00:27:39 09:31: Traces trouvées : 1155 09:32: Processus de suppression lancé. 09:32: Mise en quarantaine de toutes les traces : icannnews 09:32: Mise en quarantaine de toutes les traces : look2me 09:33: Mise en quarantaine de toutes les traces : potentially rootkit-masked files 09:33: Mise en quarantaine de toutes les traces : spamrelayer_alpiok 09:33: Mise en quarantaine de toutes les traces : azsearch toolbar 09:33: Mise en quarantaine de toutes les traces : broadcastpc 09:33: Mise en quarantaine de toutes les traces : delfin 09:33: Mise en quarantaine de toutes les traces : dollarrevenue 09:33: Mise en quarantaine de toutes les traces : hotbar 09:33: Mise en quarantaine de toutes les traces : altnet 09:33: Mise en quarantaine de toutes les traces : bullguard popup ad 09:33: Mise en quarantaine de toutes les traces : cashdeluxe 09:33: Mise en quarantaine de toutes les traces : cydoor peer-to-peer dependency 09:33: Mise en quarantaine de toutes les traces : effective-i toolbar 09:33: Mise en quarantaine de toutes les traces : findthewebsiteyouneed hijacker 09:33: Mise en quarantaine de toutes les traces : findthewebsiteyouneed hijack 09:33: Mise en quarantaine de toutes les traces : instafinder 09:33: Mise en quarantaine de toutes les traces : rx toolbar 09:33: Mise en quarantaine de toutes les traces : topsearch 09:33: Mise en quarantaine de toutes les traces : upz dialer 09:33: Mise en quarantaine de toutes les traces : advertising cookie 09:33: Mise en quarantaine de toutes les traces : belnk cookie 09:33: Mise en quarantaine de toutes les traces : btgrab cookie 09:33: Mise en quarantaine de toutes les traces : cliks cookie 09:33: Mise en quarantaine de toutes les traces : directrevenue-thebestoffersnetwork 09:33: Mise en quarantaine de toutes les traces : hbmediapro cookie 09:33: Mise en quarantaine de toutes les traces : offeroptimizer cookie 09:33: Mise en quarantaine de toutes les traces : serving-sys cookie 09:33: Mise en quarantaine de toutes les traces : tradedoubler cookie 09:33: Mise en quarantaine de toutes les traces : xiti cookie 09:33: Mise en quarantaine de toutes les traces : yieldmanager cookie 09:33: Mise en quarantaine de toutes les traces : zedo cookie 09:34: Processus de suppression lancé. Durée 00:01:23 ******** 08:59: | Début de session, mercredi 8 février 2006 | 08:59: Spy Sweeper démarrée 09:01: Les définitions de logiciels espions ont été mises à jour. 09:03: | Fin de session, mercredi 8 février 2006 | et voici l'analyse de hijackthis. Logfile of HijackThis v1.99.1 Scan saved at 09:37:50, on 08/02/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Apps\ActivBoard\nhksrv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Securitoo\av_fw\fswsclds.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Apps\ActivBoard\MMKeybd.exe C:\Apps\ActivBoard\TrayMon.exe C:\Apps\ActivBoard\OSD.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\atiptaxx.exe C:\WINDOWS\Logi_MwX.Exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\OpenOffice.org 2.0\program\soffice.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Planetis R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WOOKIT] C:\Program Files\Wanadoo\EspaceWanadoo.exe O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [RAMpage] "C:\Program Files\RAMpage\RAMpage.exe" M=28 T=4 P="C:\Program Files\RAMpage\RAMpageConfig.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKLM\..\RunServices: [schedulingAgent] C:\WINDOWS\System32\mstask.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe O4 - HKCU\..\Run: [update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version6/Applet/vchatsign.cab O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {08D390AE-5101-4701-A89F-6C6DADCCC402} (MSN Photo Select Tool) - http://photos.msn.fr/resources/neutral/con....cab?10,0,910,0 O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientIn...2/OCI/setup.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107533172889 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/net/import/ImageUploader3.cab O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing) O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file) O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\q886lils18q6.dll (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  3. kms49
    l2mfix me demandais à la fin de fix avec hijackthis le fichier 020 car il ne trouvais pas.
  4. kms49
    C'est pareil je crois. L2mfix 010406 Creating Account. La commande s'est termin‚e correctement. Adding Administrative privleges. Checking for L2MFix account(0=no 1=yes): 1 Granting SeDebugPrivilege to L2MFIX ... successful Running From: C:\WINDOWS\system32 Killing Processes! Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 616 'smss.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killin
  5. kms49
    SALUT Pourquoi il me manque des parties svp. voici le premier rapport. J'ai efface des lignes killing PID 616 'smss.exe car sinon la totalite ne s'affichait pas sinon je n'ais pas eu de probleme avant. L2mfix 010406 Creating Account. La commande s'est termin‚e correctement. Adding Administrative privleges. Checking for L2MFix account(0=no 1=yes): 1 Granting SeDebugPrivilege to L2MFIX ... successful Running From: C:\WINDOWS\system32 Killing Processes! Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 616 'smss.exe' Killing PID 616 'smss.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe'Killing PID 3980 'winlogon.exe' Killing PID 3980 'winlogon.exe' Killing PID 3980 'winlogon.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1700 'explorer.exe' Killing PID 1700 'explorer.exe' Killing PID 1700 'explorer.exe' Killing PID 1700 'explorer.exe' Killing PID 1700 'explorer.exe' Killing PID 2892 'explorer.exe' Killing PID 2892 'explorer.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Error, Cannot find a process with an image name of rundll32.exe Restoring Sedebugprivilege: Granting SeDebugPrivilege to Administrateurs ... successful Scanning First Pass. Please Wait! First Pass Completed Second Pass Scanning Second pass Completed! Restoring Windows Update Certificates.: The following Is the Current Export of the Winlogon notify key: **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] "DLLName"="Ati2evxx.dll" "Asynchronous"=dword:00000000 "Impersonate"=dword:00000001 "Lock"="AtiLockEvent" "Logoff"="AtiLogoffEvent" "Logon"="AtiLogonEvent" "Disconnect"="AtiDisConnectEvent" "Reconnect"="AtiReConnectEvent" "Safe"=dword:00000000 "Shutdown"="AtiShutdownEvent" "StartScreenSaver"="AtiStartScreenSaverEvent" "StartShell"="AtiStartShellEvent" "Startup"="AtiStartupEvent" "StopScreenSaver"="AtiStopScreenSaverEvent" "Unlock"="AtiUnLockEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\q886lils18q6.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SharedDLLs] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\djiman32.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 The following are the files found: **************************************************************************** Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{74914E67-9994-40C9-B302-3A0985F96545}] @="" [HKEY_CLASSES_ROOT\CLSID\{74914E67-9994-40C9-B302-3A0985F96545}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{74914E67-9994-40C9-B302-3A0985F96545}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{74914E67-9994-40C9-B302-3A0985F96545}\InprocServer32] @="C:\\WINDOWS\\system32\\hpwsched.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{4F4DA8EF-52E6-4C08-A878-A07B698299A9}] @="" [HKEY_CLASSES_ROOT\CLSID\{4F4DA8EF-52E6-4C08-A878-A07B698299A9}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{4F4DA8EF-52E6-4C08-A878-A07B698299A9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{4F4DA8EF-52E6-4C08-A878-A07B698299A9}\InprocServer32] @="C:\\WINDOWS\\system32\\WXDRMNet.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{47524C3A-D772-47C9-A5B1-54550CD68280}] @="" [HKEY_CLASSES_ROOT\CLSID\{47524C3A-D772-47C9-A5B1-54550CD68280}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{47524C3A-D772-47C9-A5B1-54550CD68280}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{47524C3A-D772-47C9-A5B1-54550CD68280}\InprocServer32] @="C:\\WINDOWS\\system32\\dqwsockx.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{542DEF8F-9858-4DF4-A8FB-E5325C22D743}] @="" [HKEY_CLASSES_ROOT\CLSID\{542DEF8F-9858-4DF4-A8FB-E5325C22D743}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{542DEF8F-9858-4DF4-A8FB-E5325C22D743}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{542DEF8F-9858-4DF4-A8FB-E5325C22D743}\InprocServer32] @="C:\\WINDOWS\\system32\\iixrtmgr.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{535E5B4E-09CF-4F91-B79D-FF2C49E07062}] @="" "IDEx"="AD" [HKEY_CLASSES_ROOT\CLSID\{535E5B4E-09CF-4F91-B79D-FF2C49E07062}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{535E5B4E-09CF-4F91-B79D-FF2C49E07062}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{535E5B4E-09CF-4F91-B79D-FF2C49E07062}\InprocServer32] @="C:\\WINDOWS\\system32\\de3j.dll" "ThreadingModel"="Apartment" REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{74914E67-9994-40C9-B302-3A0985F96545}"=- "{4F4DA8EF-52E6-4C08-A878-A07B698299A9}"=- "{47524C3A-D772-47C9-A5B1-54550CD68280}"=- "{542DEF8F-9858-4DF4-A8FB-E5325C22D743}"=- "{535E5B4E-09CF-4F91-B79D-FF2C49E07062}"=- [-HKEY_CLASSES_ROOT\CLSID\{74914E67-9994-40C9-B302-3A0985F96545}] [-HKEY_CLASSES_ROOT\CLSID\{4F4DA8EF-52E6-4C08-A878-A07B698299A9}] [-HKEY_CLASSES_ROOT\CLSID\{47524C3A-D772-47C9-A5B1-54550CD68280}] [-HKEY_CLASSES_ROOT\CLSID\{542DEF8F-9858-4DF4-A8FB-E5325C22D743}] [-HKEY_CLASSES_ROOT\CLSID\{535E5B4E-09CF-4F91-B79D-FF2C49E07062}] REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "SV1"="" **************************************************************************** Desktop.ini Contents: **************************************************************************** **************************************************************************** Checking for L2MFix account(0=no 1=yes): 0 Zipping up files for submission: zip warning: name not matched: dlls\*.* zip error: Nothing to do! (backup.zip) adding: backregs/47524C3A-D772-47C9-A5B1-54550CD68280.reg (188 bytes security) (deflated 70%) adding: backregs/4F4DA8EF-52E6-4C08-A878-A07B698299A9.reg (188 bytes security) (deflated 70%) adding: backregs/535E5B4E-09CF-4F91-B79D-FF2C49E07062.reg (188 bytes security) (deflated 69%) adding: backregs/542DEF8F-9858-4DF4-A8FB-E5325C22D743.reg (188 bytes security) (deflated 70%) adding: backregs/74914E67-9994-40C9-B302-3A0985F96545.reg (188 bytes security) (deflated 70%) adding: backregs/notibac.reg (164 bytes security) (deflated 88%) adding: backregs/shell.reg (164 bytes security) (deflated 73%) Voici le rapport hijackthis. Logfile of HijackThis v1.99.1 Scan saved at 22:03:13, on 07/02/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Apps\ActivBoard\nhksrv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\Securitoo\av_fw\fswsclds.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\notepad.exe C:\Apps\ActivBoard\MMKeybd.exe C:\Apps\ActivBoard\TrayMon.exe C:\Apps\ActivBoard\OSD.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\atiptaxx.exe C:\WINDOWS\Logi_MwX.Exe C:\Program Files\RAMpage\RAMpage.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\OpenOffice.org 2.0\program\soffice.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Planetis R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WOOKIT] C:\Program Files\Wanadoo\EspaceWanadoo.exe O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\kamel\LOCALS~1\Temp\27.exe\27.exe" O4 - HKLM\..\Run: [bPT] "C:\Program Files\Bpt\bpt.exe" O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [RAMpage] "C:\Program Files\RAMpage\RAMpage.exe" M=28 T=4 P="C:\Program Files\RAMpage\RAMpageConfig.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY O4 - HKLM\..\RunServices: [schedulingAgent] C:\WINDOWS\System32\mstask.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe O4 - HKCU\..\Run: [update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version6/Applet/vchatsign.cab O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {08D390AE-5101-4701-A89F-6C6DADCCC402} (MSN Photo Select Tool) - http://photos.msn.fr/resources/neutral/con....cab?10,0,910,0 O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientIn...2/OCI/setup.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107533172889 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/net/import/ImageUploader3.cab O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing) O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\q886lils18q6.dll (file missing) O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\djiman32.dll (file missing) O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\system32\bofjokec.dll (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
  6. kms49
    Salut, voici les rapports demandés. L2mfix 010406 Creating Account. La commande s'est termin‚e correctement. Adding Administrative privleges. Checking for L2MFix account(0=no 1=yes): 1 Granting SeDebugPrivilege to L2MFIX ... successful Running From: C:\WINDOWS\system32 Killing Processes! Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 616 'smss.exe' Killing PID 616 'smss.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' Killing PID 896 'winlogon.exe' K
  7. kms49
    salut, Voici le rapport de lm2fix. L2MFIX find log 010406 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] "DLLName"="Ati2evxx.dll" "Asynchronous"=dword:00000000 "Impersonate"=dword:00000001 "Lock"="AtiLockEvent" "Logoff"="AtiLogoffEvent" "Logon"="AtiLogonEvent" "Disconnect"="AtiDisConnectEvent" "Reconnect"="AtiReConnectEvent" "Safe"=dword:00000000 "Shutdown"="AtiShutdownEvent" "StartScreenSaver"="AtiStartScreenSaverEvent" "StartShell"="AtiStartShellEvent" "Startup"="AtiStartupEvent" "StopScreenSaver"="AtiStopScreenSaverEvent" "Unlock"="AtiUnLockEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\q886lils18q6.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SharedDLLs] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\djiman32.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{99B88228-9BF2-A2FE-643D-7C284AA23FAF}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia" "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage ?cran du Panneau de configuration" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo" "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="?tat du t‚l‚chargement" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrٹs auto-ouvrante" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Paramٹtres du dossier global" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="?num‚rateur d'applications install‚es" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{A0752120-6D75-D111-B5B1-0800095A2318}"="HandyBits EasyCrypto Shell Extensions" "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension" "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices" "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu" "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player" "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache" "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults" "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes" "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes" "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v8" "{FED7043D-346A-414D-ACD7-550D052499A7}"="dBpowerAMP Music Converter 1" "{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}"="dBpowerAMP Music Converter" "{780BCB64-0CAF-473c-A9FC-E08C03D75515}"="Matroska Shell Extension, Properties Page CLSID" "{78DC191E-EFC1-4532-9A71-224577A86A7D}"="Matroska Shell Extension, Thumbnail Handler CLSID" "{794D04CA-70AC-4020-80EB-FFD59DEF8027}"="Matroska Shell Extension, Tooltip Provider CLSID" "{789111D8-68A3-46a3-9663-145A3FF4C9C9}"="Matroska Shell Extension, ContextMenu CLSID" "{781395AF-A127-469f-A06F-59B482AF4F3F}"="Matroska Shell Extension, Column Provider CLSID" "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" "{08267B21-223F-11d3-ACD4-004F4902B913}"="Desktop Architect" "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension" "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension" "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="a‎ Context Menu Shell Extension" "{5E2121EE-0300-11D4-8D3B-444553540000}"="Catalyst Context Menu extension" "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip" "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band" "{74914E67-9994-40C9-B302-3A0985F96545}"="" "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}"="OpenOffice.org Column Handler" "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}"="OpenOffice.org Infotip Handler" "{63542C48-9552-494A-84F7-73AA6A7C99C1}"="OpenOffice.org Property Sheet Handler" "{3B092F0C-7696-40E3-A80F-68D74DA84210}"="OpenOffice.org Thumbnail Viewer" "{4F4DA8EF-52E6-4C08-A878-A07B698299A9}"="" "{47524C3A-D772-47C9-A5B1-54550CD68280}"="" "{542DEF8F-9858-4DF4-A8FB-E5325C22D743}"="" "{535E5B4E-09CF-4F91-B79D-FF2C49E07062}"="" "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{74914E67-9994-40C9-B302-3A0985F96545}] @="" [HKEY_CLASSES_ROOT\CLSID\{74914E67-9994-40C9-B302-3A0985F96545}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{74914E67-9994-40C9-B302-3A0985F96545}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{74914E67-9994-40C9-B302-3A0985F96545}\InprocServer32] @="C:\\WINDOWS\\system32\\hpwsched.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{4F4DA8EF-52E6-4C08-A878-A07B698299A9}] @="" [HKEY_CLASSES_ROOT\CLSID\{4F4DA8EF-52E6-4C08-A878-A07B698299A9}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{4F4DA8EF-52E6-4C08-A878-A07B698299A9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{4F4DA8EF-52E6-4C08-A878-A07B698299A9}\InprocServer32] @="C:\\WINDOWS\\system32\\WXDRMNet.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{47524C3A-D772-47C9-A5B1-54550CD68280}] @="" [HKEY_CLASSES_ROOT\CLSID\{47524C3A-D772-47C9-A5B1-54550CD68280}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{47524C3A-D772-47C9-A5B1-54550CD68280}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{47524C3A-D772-47C9-A5B1-54550CD68280}\InprocServer32] @="C:\\WINDOWS\\system32\\dqwsockx.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{542DEF8F-9858-4DF4-A8FB-E5325C22D743}] @="" [HKEY_CLASSES_ROOT\CLSID\{542DEF8F-9858-4DF4-A8FB-E5325C22D743}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{542DEF8F-9858-4DF4-A8FB-E5325C22D743}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{542DEF8F-9858-4DF4-A8FB-E5325C22D743}\InprocServer32] @="C:\\WINDOWS\\system32\\iixrtmgr.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{535E5B4E-09CF-4F91-B79D-FF2C49E07062}] @="" "IDEx"="AD" [HKEY_CLASSES_ROOT\CLSID\{535E5B4E-09CF-4F91-B79D-FF2C49E07062}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{535E5B4E-09CF-4F91-B79D-FF2C49E07062}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{535E5B4E-09CF-4F91-B79D-FF2C49E07062}\InprocServer32] @="C:\\WINDOWS\\system32\\de3j.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: Une ou plusieurs pages de codes CON non valides pour ce code de clavier C:\WINDOWS\SYSTEM32\ atl71.dll Wed Nov 23 2005 2:47:00a A.... 89,088 87.00 K browseui.dll Thu Nov 24 2005 1:08:34a A.... 1,022,976 999.00 K cmdlin~1.dll Wed Nov 9 2005 6:18:52p A.... 43,520 42.50 K dn0o01~1.dll Sun Feb 5 2006 10:22:32a ..S.R 234,656 229.16 K dqwsockx.dll Sun Feb 5 2006 10:59:56a ..S.R 234,272 228.78 K en0ol1~1.dll Sun Feb 5 2006 11:47:22p ..S.R 234,478 228.98 K f4l00e~1.dll Sun Feb 5 2006 10:22:16a ..S.R 234,306 228.81 K gdi32.dll Thu Dec 29 2005 3:56:04a A.... 280,064 273.50 K h60qlg~1.dll Mon Feb 6 2006 12:13:42p ..S.R 236,780 231.23 K irlol5~1.dll Mon Feb 6 2006 9:05:04a ..S.R 235,274 229.76 K irnsl5~1.dll Sun Feb 5 2006 10:19:20a ..S.R 236,027 230.49 K izss.dll Sun Feb 5 2006 10:22:16a ..S.R 234,272 228.78 K j26mlc~1.dll Sun Feb 5 2006 10:42:38a ..S.R 234,272 228.78 K k4jsle~1.dll Sun Feb 5 2006 10:40:58a ..S.R 235,986 230.45 K kemutb.dll Wed Nov 23 2005 2:47:00a A.... 143,360 140.00 K kemutil.dll Wed Nov 23 2005 2:47:00a A.... 90,112 88.00 K kemwnd.dll Wed Nov 23 2005 2:47:00a A.... 86,016 84.00 K kemxml.dll Wed Nov 23 2005 2:47:00a A.... 65,536 64.00 K kxdmaori.dll Mon Feb 6 2006 9:04:04a ..S.R 235,274 229.76 K m2rmlc~1.dll Sun Feb 5 2006 10:29:26a ..S.R 234,272 228.78 K mfc71.dll Wed Nov 23 2005 2:47:00a A.... 1,060,864 1.01 M mfc71u.dll Wed Nov 23 2005 2:47:00a A.... 1,047,552 1023.00 K mmgcap32.dll Sun Feb 5 2006 10:23:50a ..S.R 234,272 228.78 K mnxml.dll Sun Feb 5 2006 11:50:00a ..S.R 234,272 228.78 K mshtml.dll Thu Nov 24 2005 1:08:36a A.... 3,013,632 2.87 M msvcp71.dll Wed Nov 23 2005 2:47:00a A.... 499,712 488.00 K msvcr71.dll Wed Nov 23 2005 2:47:00a A.... 348,160 340.00 K msvr-kw.dll Sun Dec 25 2005 10:57:30p A.... 26,229 25.61 K mswinu~1.dll Thu Feb 2 2006 2:32:28p A.... 268 0.26 K mswinxml.dll Thu Feb 2 2006 2:27:18p A.... 9,806 9.57 K mxvcrt.dll Mon Feb 6 2006 9:37:04a ..S.R 235,274 229.76 K racrt4.dll Sun Feb 5 2006 7:41:52p ..S.R 235,274 229.76 K rvcpldlg.dll Sun Feb 5 2006 10:40:58a ..S.R 234,272 228.78 K shdocvw.dll Thu Dec 1 2005 5:01:16a A.... 1,492,992 1.42 M smpblb.dll Sun Feb 5 2006 11:04:44a ..S.R 234,478 228.98 K unicows.dll Wed Nov 23 2005 2:47:00a A.... 258,352 252.30 K winapi32.dll Thu Feb 2 2006 2:27:34p A.... 77,824 76.00 K winlfl32.dll Thu Feb 2 2006 2:31:54p A.... 441 0.43 K wkavusd.dll Mon Feb 6 2006 9:23:54a ..S.R 235,274 229.76 K wphatm.dll Sun Feb 5 2006 10:27:24a ..S.R 234,272 228.78 K 40 items found: 40 files (20 H/S), 0 directories. Total of file sizes: 14,353,761 bytes 13.69 M Locate .tmp files: C:\WINDOWS\SYSTEM32\ guard.tmp Mon Feb 6 2006 1:25:22p ..S.R 235,274 229.76 K 1 item found: 1 file (1 H/S), 0 directories. Total of file sizes: 235,274 bytes 229.76 K ********************************************************************************** Directory Listing of system files: Le volume dans le lecteur C s'appelle HDD Le num‚ro de s‚rie du volume est 10A4-5641 R‚pertoire de C:\WINDOWS\System32 06/02/2006 13:25 235ے274 guard.tmp 06/02/2006 12:13 236ے780 h60qlgd5160.dll 06/02/2006 09:37 235ے274 mxvcrt.dll 06/02/2006 09:23 235ے274 wkavusd.dll 06/02/2006 09:05 235ے274 irlol5331.dll 06/02/2006 09:04 235ے274 kxdmaori.dll 05/02/2006 23:47 234ے478 en0ol1d31.dll 05/02/2006 19:41 235ے274 racrt4.dll 05/02/2006 11:49 234ے272 mnxml.dll 05/02/2006 11:04 234ے478 smpblb.dll 05/02/2006 10:59 234ے272 dqwsockx.dll 05/02/2006 10:42 234ے272 j26mlcj11fo.dll 05/02/2006 10:40 234ے272 rVcpldlg.dll 05/02/2006 10:40 235ے986 k4jsle171h.dll 05/02/2006 10:29 234ے272 m2rmlc911f.dll 05/02/2006 10:27 234ے272 wphatm.dll 05/02/2006 10:23 234ے272 mmgcap32.dll 05/02/2006 10:22 234ے656 dn0o01d3e.dll 05/02/2006 10:22 234ے272 izss.dll 05/02/2006 10:22 234ے306 f4l00e3meh.dll 05/02/2006 10:19 236ے027 irnsl5571.dll 04/02/2006 17:53 6ے144 access.ctl 11/01/2006 12:28 <REP> dllcache 25/07/2005 12:19 56 7BF250D88C.sys 25/07/2005 12:19 1ے682 KGyGaAvL.sys 02/11/2004 05:18 <REP> Microsoft 24 fichier(s) 4ے940ے413 octets 2 R‚p(s) 16ے304ے316ے416 octets libres
  8. kms49
    voici comme prévu, les rapports sorties en mode sans échec par smitfraudfix et hijackthis. SmitFraudFix v2.16 Rapport fait à 23:22:21,57 le 06/02/2006 Executé à partir de C:\Documents and Settings\kamel\Bureau\Nouveau dossier (2)\Nouveau dossier (3)\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés C:\WINDOWS\secure32.html supprimé »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport Logfile of HijackThis v1.99.1 Scan saved at 23:25:56, on 06/02/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\notepad.exe C:\Program Files\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Planetis R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WOOKIT] C:\Program Files\Wanadoo\EspaceWanadoo.exe O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\kamel\LOCALS~1\Temp\27.exe\27.exe" O4 - HKLM\..\Run: [bPT] "C:\Program Files\Bpt\bpt.exe" O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [RAMpage] "C:\Program Files\RAMpage\RAMpage.exe" M=28 T=4 P="C:\Program Files\RAMpage\RAMpageConfig.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY O4 - HKLM\..\RunServices: [schedulingAgent] C:\WINDOWS\System32\mstask.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe O4 - HKCU\..\Run: [update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version6/Applet/vchatsign.cab O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {08D390AE-5101-4701-A89F-6C6DADCCC402} (MSN Photo Select Tool) - http://photos.msn.fr/resources/neutral/con....cab?10,0,910,0 O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientIn...2/OCI/setup.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107533172889 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/net/import/ImageUploader3.cab O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing) O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\q886lils18q6.dll (file missing) O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\djiman32.dll (file missing) O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\system32\bofjokec.dll (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
  9. kms49
    bonsoir, j'ais fait ce que tu m'as dit tornado. Voici mon premier rapport avec smitfraudfix.cmd. SmitFraudFix v2.16 Rapport fait à 23:14:12,26 le 06/02/2006 Executé à partir de C:\Documents and Settings\kamel\Bureau\Nouveau dossier (2)\Nouveau dossier (3)\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\ »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS C:\WINDOWS\secure32.html PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\kamel\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant" »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport J'en refais un de suite en mode sans echec ainsi qu'un rapport hijachthis. a+
  10. kms49
    Salut tornado, Je n'arrive pas à desinstaller kazaa Pour la procédure je la fairais ce soir car je travaille toute l'après midi. merci.
  11. kms49
    bonjour, mon pc est multi infectés. Sur mon bureau j'ai un fichier nommé freeprodtb.exe qui ne veut pas s'éffacer. Mon pc rame et j'ais différentes publicité de logiciel antivirus. Voici les rapports de hijackthis et ewido. merci d'avance. Logfile of HijackThis v1.99.1 Scan saved at 11:12:17, on 06/02/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Apps\ActivBoard\MMKeybd.exe C:\Apps\ActivBoard\TrayMon.exe C:\Program Files\QuickTime\qttask.exe C:\Apps\ActivBoard\OSD.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\atiptaxx.exe C:\WINDOWS\Logi_MwX.Exe C:\Program Files\RAMpage\RAMpage.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\kamel\Mes documents\HijackThis.exe C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Planetis R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WOOKIT] C:\Program Files\Wanadoo\EspaceWanadoo.exe O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\kamel\LOCALS~1\Temp\27.exe\27.exe" O4 - HKLM\..\Run: [bPT] "C:\Program Files\Bpt\bpt.exe" O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [RAMpage] "C:\Program Files\RAMpage\RAMpage.exe" M=28 T=4 P="C:\Program Files\RAMpage\RAMpageConfig.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY O4 - HKLM\..\Run: [winsysban] C:\\winsysban5.exe O4 - HKLM\..\RunServices: [schedulingAgent] C:\WINDOWS\System32\mstask.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe O4 - HKCU\..\Run: [update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r O4 - HKCU\..\Run: [NI.UERSV_0001_LP] "C:\Documents and Settings\kamel\Mes documents\ErrorSafeScannerInstall_fr.exe" O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version6/Applet/vchatsign.cab O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {08D390AE-5101-4701-A89F-6C6DADCCC402} (MSN Photo Select Tool) - http://photos.msn.fr/resources/neutral/con....cab?10,0,910,0 O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientIn...2/OCI/setup.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107533172889 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/net/import/ImageUploader3.cab O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing) O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll O20 - Winlogon Notify: policies - C:\WINDOWS\system32\enn8l15u1.dll O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\djiman32.dll (file missing) O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\system32\bofjokec.dll (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe --------------------------------------------------------- ewido anti-malware - Rapport de scan --------------------------------------------------------- + Créé le: 10:16:18, 05/02/2006 + Somme de contrôle: 6EC0D6ED + Résultats du scan: HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Nettoyer et sauvegarder HKLM\SOFTWARE\Altnet\TopSearch -> Spyware.Altnet : Nettoyer et sauvegarder HKLM\SOFTWARE\Classes\CLSID\{44BE0690-5429-47F0-85BB-3FFD8020233E} -> Spyware.UCmore : Nettoyer et sauvegarder HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Spyware.Altnet : Nettoyer et sauvegarder HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Spyware.Altnet : Nettoyer et sauvegarder HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Spyware.Altnet : Nettoyer et sauvegarder HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Spyware.Altnet : Nettoyer et sauvegarder HKLM\SOFTWARE\Effective-i -> Spyware.EffectiveBrandToolbar : Nettoyer et sauvegarder HKLM\SOFTWARE\Effective-i\TheSearchAccelerator -> Spyware.EffectiveBrandToolbar : Nettoyer et sauvegarder HKLM\SOFTWARE\Effective-i\TheSearchAccelerator\IE5 -> Spyware.EffectiveBrandToolbar : Nettoyer et sauvegarder HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{44BE0690-5429-47f0-85BB-3FFD8020233E} -> Spyware.UCmore : Nettoyer et sauvegarder HKU\S-1-5-21-436374069-1606980848-839522115-1004\Software\Effective-i -> Spyware.EffectiveBrandToolbar : Nettoyer et sauvegarder HKU\S-1-5-21-436374069-1606980848-839522115-1004\Software\Effective-i\TheSearchAccelerator -> Spyware.EffectiveBrandToolbar : Nettoyer et sauvegarder HKU\S-1-5-21-436374069-1606980848-839522115-1004\Software\Effective-i\TheSearchAccelerator\IE5 -> Spyware.EffectiveBrandToolbar : Nettoyer et sauvegarder HKU\S-1-5-21-436374069-1606980848-839522115-1004\Software\Kazaa\Promotions\Cydoor -> Spyware.Cydoor : Nettoyer et sauvegarder HKU\S-1-5-21-436374069-1606980848-839522115-1004\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Spyware.Cydoor : Nettoyer et sauvegarder HKU\S-1-5-21-436374069-1606980848-839522115-1004\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0 -> Spyware.Cydoor : Nettoyer et sauvegarder HKU\S-1-5-21-436374069-1606980848-839522115-1004\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1 -> Spyware.Cydoor : Nettoyer et sauvegarder HKU\S-1-5-21-436374069-1606980848-839522115-1004\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2 -> Spyware.Cydoor : Nettoyer et sauvegarder HKU\S-1-5-21-436374069-1606980848-839522115-1004\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3 -> Spyware.Cydoor : Nettoyer et sauvegarder HKU\S-1-5-21-436374069-1606980848-839522115-1004\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 -> Spyware.Cydoor : Nettoyer et sauvegarder HKU\S-1-5-21-436374069-1606980848-839522115-1004\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services -> Spyware.Cydoor : Nettoyer et sauvegarder HKU\S-1-5-21-436374069-1606980848-839522115-1004\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Queue -> Spyware.Cydoor : Nettoyer et sauvegarder HKU\S-1-5-21-436374069-1606980848-839522115-1004\Software\Maxthon\Plugin\toolbar\{44BE0690-5429-47f0-85BB-3FFD8020233E} -> Spyware.UCmore : Nettoyer et sauvegarder HKU\S-1-5-21-436374069-1606980848-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44BE0690-5429-47F0-85BB-3FFD8020233E} -> Spyware.UCmore : Nettoyer et sauvegarder C:\Documents and Settings\kamel\Cookies\kamel@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder C:\Documents and Settings\kamel\Cookies\kamel@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder C:\Documents and Settings\kamel\Local Settings\Temporary Internet Files\Content.IE5\01INKDQN\gimmygames[1].exe -> Downloader.VB.vr : Nettoyer et sauvegarder C:\Documents and Settings\kamel\Local Settings\Temporary Internet Files\Content.IE5\CXUJS1IZ\Installer[1].exe -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Documents and Settings\kamel\Local Settings\Temporary Internet Files\Content.IE5\OTA7CPYF\ucmoreiex[1].exe/UCMTSAIE.DLL -> Spyware.UCmore : Nettoyer et sauvegarder C:\Documents and Settings\kamel\Local Settings\Temporary Internet Files\Content.IE5\OTA7CPYF\ucmoreiex[1].exe/IUCMORE.DLL -> Spyware.UCmore : Nettoyer et sauvegarder C:\Documents and Settings\kamel\Local Settings\Temporary Internet Files\Content.IE5\OTA7CPYF\winsysban5[1].exe -> Hijacker.VB.kc : Nettoyer et sauvegarder C:\gimmygames.exe -> Downloader.VB.vr : Nettoyer et sauvegarder C:\Installer.exe -> Spyware.Look2Me : Nettoyer et sauvegarder C:\Program Files\Kazaa\TopSearch.dll -> Spyware.Altnet : Nettoyer et sauvegarder C:\Program Files\RXToolBar -> Spyware.RXToolbar : Nettoyer et sauvegarder C:\Program Files\RXToolBar\Semantic Insight -> Spyware.RXToolbar : Nettoyer et sauvegarder C:\Program Files\TBONBin -> Adware.BetterInternet : Nettoyer et sauvegarder C:\Program Files\TheSearchAccelerator\IUCmore.dll -> Spyware.UCmore : Nettoyer et sauvegarder C:\Program Files\TheSearchAccelerator\__delete_on_reboot__UCMTSAIE.dll -> Spyware.UCmore : Nettoyer et sauvegarder C:\System Volume Information\_restore{199DAEA6-A533-4354-830F-0CC5672929C5}\RP477\A0057145.exe -> Spyware.P2PNetworking : Nettoyer et sauvegarder C:\System Volume Information\_restore{199DAEA6-A533-4354-830F-0CC5672929C5}\RP477\A0057146.dll -> Spyware.Altnet : Nettoyer et sauvegarder C:\System Volume Information\_restore{199DAEA6-A533-4354-830F-0CC5672929C5}\RP477\A0057148.dll -> Spyware.Altnet : Nettoyer et sauvegarder C:\System Volume Information\_restore{199DAEA6-A533-4354-830F-0CC5672929C5}\RP477\A0057149.dll -> Spyware.Altnet : Nettoyer et sauvegarder C:\System Volume Information\_restore{199DAEA6-A533-4354-830F-0CC5672929C5}\RP477\A0057150.dll -> Spyware.Altnet : Nettoyer et sauvegarder C:\System Volume Information\_restore{199DAEA6-A533-4354-830F-0CC5672929C5}\RP477\A0057151.exe -> Spyware.Altnet : Nettoyer et sauvegarder C:\System Volume Information\_restore{199DAEA6-A533-4354-830F-0CC5672929C5}\RP477\A0057154.dll -> Spyware.Altnet : Nettoyer et sauvegarder C:\System Volume Information\_restore{199DAEA6-A533-4354-830F-0CC5672929C5}\RP477\A0057156.exe -> Adware.Bestofer : Nettoyer et sauvegarder C:\System Volume Information\_restore{199DAEA6-A533-4354-830F-0CC5672929C5}\RP477\A0057157.exe -> Downloader.VB.vs : Nettoyer et sauvegarder C:\System Volume Information\_restore{199DAEA6-A533-4354-830F-0CC5672929C5}\RP477\A0057158.dll -> Spyware.Cydoor : Nettoyer et sauvegarder C:\System Volume Information\_restore{199DAEA6-A533-4354-830F-0CC5672929C5}\RP477\A0057159.exe -> Hijacker.VB.kc : Nettoyer et sauvegarder C:\System Volume Information\_restore{199DAEA6-A533-4354-830F-0CC5672929C5}\RP478\A0058248.exe -> Spyware.Altnet : Nettoyer et sauvegarder C:\System Volume Information\_restore{199DAEA6-A533-4354-830F-0CC5672929C5}\RP478\A0058249.dll -> Spyware.Altnet : Nettoyer et sauvegarder C:\System Volume Information\_restore{199DAEA6-A533-4354-830F-0CC5672929C5}\RP478\A0058250.exe -> Spyware.Altnet : Nettoyer et sauvegarder C:\System Volume Information\_restore{199DAEA6-A533-4354-830F-0CC5672929C5}\RP478\A0058251.dll -> Spyware.Altnet : Nettoyer et sauvegarder C:\System Volume Information\_restore{199DAEA6-A533-4354-830F-0CC5672929C5}\RP478\A0058253.exe -> Adware.Bestofer : Nettoyer et sauvegarder C:\System Volume Information\_restore{199DAEA6-A533-4354-830F-0CC5672929C5}\RP478\A0058254.dll -> Spyware.Cydoor : Nettoyer et sauvegarder C:\System Volume Information\_restore{199DAEA6-A533-4354-830F-0CC5672929C5}\RP478\A0058255.DLL -> Spyware.P2PNetworking : Nettoyer et sauvegarder C:\System Volume Information\_restore{199DAEA6-A533-4354-830F-0CC5672929C5}\RP478\A0058268.exe -> Downloader.VB.vr : Nettoyer et sauvegarder C:\ucmoreiex.exe/UCMTSAIE.DLL -> Spyware.UCmore : Nettoyer et sauvegarder C:\ucmoreiex.exe/IUCMORE.DLL -> Spyware.UCmore : Nettoyer et sauvegarder C:\WINDOWS\gimmygames.exe -> Downloader.VB.vr : Nettoyer et sauvegarder C:\WINDOWS\system32\AdCache -> Adware.Cydoor : Nettoyer et sauvegarder C:\WINDOWS\system32\P2P Networking -> Spyware.P2PNetworking : Nettoyer et sauvegarder C:\WINDOWS\system32\__delete_on_reboot__kddfa.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\system32\__delete_on_reboot__wpvdmoe2.dll -> Spyware.Look2Me : Nettoyer et sauvegarder C:\WINDOWS\__delete_on_reboot__winsysban5.exe -> Hijacker.VB.kc : Nettoyer et sauvegarder ::Fin du rapport
×
×
  • Créer...