Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

pc multi infectés

kms49

Par kms49
dans Analyses et éradication malwares

 Partager

Messages recommandés

kms49 Junior Member

kms49

Posté(e)
  • Auteur
Posté(e)

Salut, voici les rapports demandés.

 

L2mfix 010406

Creating Account.

La commande s'est termin‚e correctement.

 

Adding Administrative privleges.

Checking for L2MFix account(0=no 1=yes):

1

Granting SeDebugPrivilege to L2MFIX ... successful

 

Running From:

C:\WINDOWS\system32

 

Killing Processes!

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 616 'smss.exe'

Killing PID 616 'smss.exe'

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

K

Mark Godlike Member

Mark

Posté(e)
Posté(e)

Salut kms49 (et coucou Regis :P ) ;

 

Est-ce un bug de l'outil ? Ton rapport est trop long pour la limite des posts ici ; pourrais-tu poster la suite s'il te plaît ? et dis moi si t'as rencontré des difficultés...

kms49 Junior Member

kms49

Posté(e)
  • Auteur
Posté(e)

SALUT

Pourquoi il me manque des parties svp.

 

 

voici le premier rapport. J'ai efface des lignes killing PID 616 'smss.exe car sinon la totalite ne s'affichait pas

sinon je n'ais pas eu de probleme avant.

L2mfix 010406

Creating Account.

La commande s'est termin‚e correctement.

 

Adding Administrative privleges.

Checking for L2MFix account(0=no 1=yes):

1

Granting SeDebugPrivilege to L2MFIX ... successful

 

Running From:

C:\WINDOWS\system32

 

Killing Processes!

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 616 'smss.exe'

Killing PID 616 'smss.exe'

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'Killing PID 3980 'winlogon.exe'

Killing PID 3980 'winlogon.exe'

Killing PID 3980 'winlogon.exe'

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 1700 'explorer.exe'

Killing PID 1700 'explorer.exe'

Killing PID 1700 'explorer.exe'

Killing PID 1700 'explorer.exe'

Killing PID 1700 'explorer.exe'

Killing PID 2892 'explorer.exe'

Killing PID 2892 'explorer.exe'

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Error, Cannot find a process with an image name of rundll32.exe

Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrateurs ... successful

 

Scanning First Pass. Please Wait!

 

First Pass Completed

 

Second Pass Scanning

 

Second pass Completed!

 

 

 

Restoring Windows Update Certificates.:

 

The following Is the Current Export of the Winlogon notify key:

****************************************************************************

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

"DLLName"="Ati2evxx.dll"

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000001

"Lock"="AtiLockEvent"

"Logoff"="AtiLogoffEvent"

"Logon"="AtiLogonEvent"

"Disconnect"="AtiDisConnectEvent"

"Reconnect"="AtiReConnectEvent"

"Safe"=dword:00000000

"Shutdown"="AtiShutdownEvent"

"StartScreenSaver"="AtiStartScreenSaverEvent"

"StartShell"="AtiStartShellEvent"

"Startup"="AtiStartupEvent"

"StopScreenSaver"="AtiStopScreenSaverEvent"

"Unlock"="AtiUnLockEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINDOWS\\system32\\q886lils18q6.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SharedDLLs]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINDOWS\\system32\\djiman32.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

 

The following are the files found:

****************************************************************************

 

Registry Entries that were Deleted:

Please verify that the listing looks ok.

If there was something deleted wrongly there are backups in the backreg folder.

****************************************************************************

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{74914E67-9994-40C9-B302-3A0985F96545}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{74914E67-9994-40C9-B302-3A0985F96545}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{74914E67-9994-40C9-B302-3A0985F96545}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{74914E67-9994-40C9-B302-3A0985F96545}\InprocServer32]

@="C:\\WINDOWS\\system32\\hpwsched.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{4F4DA8EF-52E6-4C08-A878-A07B698299A9}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{4F4DA8EF-52E6-4C08-A878-A07B698299A9}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{4F4DA8EF-52E6-4C08-A878-A07B698299A9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{4F4DA8EF-52E6-4C08-A878-A07B698299A9}\InprocServer32]

@="C:\\WINDOWS\\system32\\WXDRMNet.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{47524C3A-D772-47C9-A5B1-54550CD68280}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{47524C3A-D772-47C9-A5B1-54550CD68280}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{47524C3A-D772-47C9-A5B1-54550CD68280}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{47524C3A-D772-47C9-A5B1-54550CD68280}\InprocServer32]

@="C:\\WINDOWS\\system32\\dqwsockx.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{542DEF8F-9858-4DF4-A8FB-E5325C22D743}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{542DEF8F-9858-4DF4-A8FB-E5325C22D743}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{542DEF8F-9858-4DF4-A8FB-E5325C22D743}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{542DEF8F-9858-4DF4-A8FB-E5325C22D743}\InprocServer32]

@="C:\\WINDOWS\\system32\\iixrtmgr.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{535E5B4E-09CF-4F91-B79D-FF2C49E07062}]

@=""

"IDEx"="AD"

 

[HKEY_CLASSES_ROOT\CLSID\{535E5B4E-09CF-4F91-B79D-FF2C49E07062}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{535E5B4E-09CF-4F91-B79D-FF2C49E07062}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{535E5B4E-09CF-4F91-B79D-FF2C49E07062}\InprocServer32]

@="C:\\WINDOWS\\system32\\de3j.dll"

"ThreadingModel"="Apartment"

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{74914E67-9994-40C9-B302-3A0985F96545}"=-

"{4F4DA8EF-52E6-4C08-A878-A07B698299A9}"=-

"{47524C3A-D772-47C9-A5B1-54550CD68280}"=-

"{542DEF8F-9858-4DF4-A8FB-E5325C22D743}"=-

"{535E5B4E-09CF-4F91-B79D-FF2C49E07062}"=-

[-HKEY_CLASSES_ROOT\CLSID\{74914E67-9994-40C9-B302-3A0985F96545}]

[-HKEY_CLASSES_ROOT\CLSID\{4F4DA8EF-52E6-4C08-A878-A07B698299A9}]

[-HKEY_CLASSES_ROOT\CLSID\{47524C3A-D772-47C9-A5B1-54550CD68280}]

[-HKEY_CLASSES_ROOT\CLSID\{542DEF8F-9858-4DF4-A8FB-E5325C22D743}]

[-HKEY_CLASSES_ROOT\CLSID\{535E5B4E-09CF-4F91-B79D-FF2C49E07062}]

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

"SV1"=""

****************************************************************************

Desktop.ini Contents:

****************************************************************************

 

****************************************************************************

Checking for L2MFix account(0=no 1=yes):

0

Zipping up files for submission:

zip warning: name not matched: dlls\*.*

 

zip error: Nothing to do! (backup.zip)

adding: backregs/47524C3A-D772-47C9-A5B1-54550CD68280.reg (188 bytes security) (deflated 70%)

adding: backregs/4F4DA8EF-52E6-4C08-A878-A07B698299A9.reg (188 bytes security) (deflated 70%)

adding: backregs/535E5B4E-09CF-4F91-B79D-FF2C49E07062.reg (188 bytes security) (deflated 69%)

adding: backregs/542DEF8F-9858-4DF4-A8FB-E5325C22D743.reg (188 bytes security) (deflated 70%)

adding: backregs/74914E67-9994-40C9-B302-3A0985F96545.reg (188 bytes security) (deflated 70%)

adding: backregs/notibac.reg (164 bytes security) (deflated 88%)

adding: backregs/shell.reg (164 bytes security) (deflated 73%)

 

 

Voici le rapport hijackthis.

 

Logfile of HijackThis v1.99.1

Scan saved at 22:03:13, on 07/02/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Apps\ActivBoard\nhksrv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\ewido anti-malware\ewidoguard.exe

C:\Program Files\Securitoo\av_fw\fswsclds.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\notepad.exe

C:\Apps\ActivBoard\MMKeybd.exe

C:\Apps\ActivBoard\TrayMon.exe

C:\Apps\ActivBoard\OSD.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\atiptaxx.exe

C:\WINDOWS\Logi_MwX.Exe

C:\Program Files\RAMpage\RAMpage.exe

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\OpenOffice.org 2.0\program\soffice.exe

C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN

C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Planetis

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WOOKIT] C:\Program Files\Wanadoo\EspaceWanadoo.exe

O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\kamel\LOCALS~1\Temp\27.exe\27.exe"

O4 - HKLM\..\Run: [bPT] "C:\Program Files\Bpt\bpt.exe"

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [RAMpage] "C:\Program Files\RAMpage\RAMpage.exe" M=28 T=4 P="C:\Program Files\RAMpage\RAMpageConfig.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s

O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

O4 - HKLM\..\RunServices: [schedulingAgent] C:\WINDOWS\System32\mstask.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe

O4 - HKCU\..\Run: [update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r

O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version6/Applet/vchatsign.cab

O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {08D390AE-5101-4701-A89F-6C6DADCCC402} (MSN Photo Select Tool) - http://photos.msn.fr/resources/neutral/con....cab?10,0,910,0

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB

O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientIn...2/OCI/setup.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107533172889

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/net/import/ImageUploader3.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab

O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab

O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab

O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)

O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll

O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\q886lils18q6.dll (file missing)

O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\djiman32.dll (file missing)

O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\system32\bofjokec.dll (file missing)

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Mark Godlike Member

Mark

Posté(e)
Posté(e)

Hmmm... l'outil rencontre un problème.

 

Ok, je vais te demander de repasser l'option #2 de L2MFix tel que décrit plus haut ; ça se fait en mode Normal. Poste le nouveau rapport dans ta prochaine réponse. Si les problèmes persistent, je demanderai au créateur de regarder le tout et de me suggérer une autre façon. Nous avons également un autre outil en réserve, donc pas de stress :P

kms49 Junior Member

kms49

Posté(e)
  • Auteur
Posté(e)

C'est pareil je crois.

 

L2mfix 010406

Creating Account.

La commande s'est termin‚e correctement.

 

Adding Administrative privleges.

Checking for L2MFix account(0=no 1=yes):

1

Granting SeDebugPrivilege to L2MFIX ... successful

 

Running From:

C:\WINDOWS\system32

 

Killing Processes!

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 616 'smss.exe'

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killing PID 896 'winlogon.exe'

Killin

Mark Godlike Member

Mark

Posté(e)
Posté(e)

Resalut :P

 

Ce message de L2MFix, au sujet de la ligne O20, est tout à fait normal, car il faut fixer la ou les lignes après son passage. Dans ton cas par contre, il semble y avoir une autre bestiole qui gêne, alors passons un autre outil :

 

Télécharge SpySweeper (de Webroot) de ce lien (version d'essai de 14 jours) : http://www.webroot.com/fr/products/spysweeper

  • Clique sur "Essayer".
  • Installe le programme. Une fois installé, il se lancera.
  • L'option de le mettre à jour s'affichera; clic Yes.
  • Lorsque les mises à jour seront installées, clic Options sur la gauche.
  • Clic sur l'onglet Sweep Options.
  • Sous What to Sweep, coche les options suivantes:

    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • DÉCOCHE Do not Sweep System Restore Folder.

    [*]Clic Sweep Now sur la gauche.

    [*]Clic sur Start.

    [*]Quand le scan est terminé, clic sur Next.

    [*]Assure-toi que tous les items sont cochés, puis clic sur Next.

    [*]Tous les items cochés seront éliminés.

    [*]Si Spy Sweeper veut redémarrer pour terminer le nettoyage : ACCEPTE.

    [*]Clic Session Log au haut - à droite, et copie tout ce qu'il y a dans la fenêtre.

    [*]Clic sur l'onglet Summary, puis clic sur Finish.

    [*]Colle le contenu du "Session Log" dans ta prochaine réponse.

Et poste un nouveau rapport HijackThis! également (du mode Normal).

 

@ + tard

kms49 Junior Member

kms49

Posté(e)
  • Auteur
Posté(e)

salut, voici l'analyse de spysweeper.

 

********

09:03: | Début de session, mercredi 8 février 2006 |

09:03: Spy Sweeper démarrée

09:03: Analyse lancée avec la version des définitions 612

09:03: Démarrage de l’analyse de la mémoire

09:07: Analyse de la mémoire terminée, temps passé : 00:04:04

09:07: Démarrage de l’analyse du Registre

09:07: Trouvé Adware: altnet

09:07: HKLM\software\altnet\ (1 traces secondaires) (ID = 103481)

09:07: HKLM\software\classes\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}\ (23 traces secondaires) (ID = 103494)

09:07: HKLM\software\microsoft\windows\currentversion\run\ || altnetpointsmanager (ID = 103518)

09:07: Trouvé Adware: broadcastpc

09:07: HKLM\software\microsoft\windows\currentversion\run\ || bpt (ID = 104985)

09:07: HKLM\software\microsoft\windows\currentversion\run\ || di2 (ID = 104988)

09:08: Trouvé Adware: topsearch

09:08: HKCR\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}\ (23 traces secondaires) (ID = 143925)

09:08: HKLM\software\classes\topsearch.tslink\ (5 traces secondaires) (ID = 143926)

09:08: HKLM\software\classes\topsearch.tslink.1\ (3 traces secondaires) (ID = 143927)

09:08: HKLM\software\classes\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 traces secondaires) (ID = 143928)

09:08: HKCR\topsearch.tslink\ (5 traces secondaires) (ID = 143929)

09:08: HKCR\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 traces secondaires) (ID = 143930)

09:08: Trouvé Adware: icannnews

09:08: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\shareddlls\ (6 traces secondaires) (ID = 359347)

09:08: Trouvé Adware: rx toolbar

09:08: HKCR\rxresult.rxresultfilter\ (3 traces secondaires) (ID = 729537)

09:08: HKCR\rxresult.rxresultfilter\clsid\ (1 traces secondaires) (ID = 729539)

09:08: HKCR\rxresult.rxresultfilter.1\ (3 traces secondaires) (ID = 729541)

09:08: HKCR\rxresult.rxresultfilter.1\clsid\ (1 traces secondaires) (ID = 729543)

09:08: HKCR\rxresult.rxresulttracker\ (3 traces secondaires) (ID = 729545)

09:08: HKCR\rxresult.rxresulttracker\clsid\ (1 traces secondaires) (ID = 729547)

09:08: HKCR\rxresult.rxresulttracker.1\ (3 traces secondaires) (ID = 729549)

09:08: HKCR\rxresult.rxresulttracker.1\clsid\ (1 traces secondaires) (ID = 729551)

09:08: HKCR\clsid\{2ab289ae-4b90-4281-b2ae-1f4bb034b647}\ (10 traces secondaires) (ID = 729553)

09:08: HKCR\clsid\{59879fa4-4790-461c-a1cc-4ec4de4ca483}\ (8 traces secondaires) (ID = 729564)

09:08: HKCR\typelib\{05563f82-69a7-40a6-8670-153b635a7ef6}\ (9 traces secondaires) (ID = 729573)

09:08: HKLM\software\rxresults\ (4 traces secondaires) (ID = 729611)

09:08: HKLM\software\classes\rxresult.rxresultfilter\ (3 traces secondaires) (ID = 729616)

09:08: HKLM\software\classes\rxresult.rxresultfilter\clsid\ (1 traces secondaires) (ID = 729618)

09:08: HKLM\software\classes\rxresult.rxresultfilter.1\ (3 traces secondaires) (ID = 729620)

09:08: HKLM\software\classes\rxresult.rxresultfilter.1\clsid\ (1 traces secondaires) (ID = 729622)

09:08: HKLM\software\classes\rxresult.rxresulttracker\ (3 traces secondaires) (ID = 729624)

09:08: HKLM\software\classes\rxresult.rxresulttracker\clsid\ (1 traces secondaires) (ID = 729626)

09:08: HKLM\software\classes\rxresult.rxresulttracker.1\ (3 traces secondaires) (ID = 729628)

09:08: HKLM\software\classes\rxresult.rxresulttracker.1\clsid\ (1 traces secondaires) (ID = 729630)

09:08: HKLM\software\classes\clsid\{2ab289ae-4b90-4281-b2ae-1f4bb034b647}\ (10 traces secondaires) (ID = 729632)

09:08: HKLM\software\classes\clsid\{59879fa4-4790-461c-a1cc-4ec4de4ca483}\ (8 traces secondaires) (ID = 729643)

09:08: HKLM\software\classes\typelib\{05563f82-69a7-40a6-8670-153b635a7ef6}\ (9 traces secondaires) (ID = 729652)

09:08: Trouvé Adware: hotbar

09:08: HKCR\interface\{1c1793e0-1034-4cac-837d-aa545f6961bf}\ (1 traces secondaires) (ID = 774241)

09:08: HKLM\software\classes\interface\{1c1793e0-1034-4cac-837d-aa545f6961bf}\ (1 traces secondaires) (ID = 774517)

09:08: Trouvé Adware: directrevenue-thebestoffersnetwork

09:08: HKLM\software\microsoft\windows\currentversion\uninstall\tbon\ (7 traces secondaires) (ID = 826503)

09:08: Trouvé Trojan Horse: spamrelayer_alpiok

09:08: HKCR\clsid\{6368d1fc-6f5c-4f1b-b164-e67214f678e9}\ (3 traces secondaires) (ID = 945518)

09:08: HKLM\software\classes\clsid\{6368d1fc-6f5c-4f1b-b164-e67214f678e9}\ (3 traces secondaires) (ID = 945546)

09:08: HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload\ || systray.exbr (ID = 945548)

09:08: Trouvé Adware: cashdeluxe

09:08: HKCR\winapi32.intelinks\ (3 traces secondaires) (ID = 1106874)

09:08: HKCR\winapi32.mybaner\ (3 traces secondaires) (ID = 1106878)

09:08: HKCR\winapi32.mybho\ (3 traces secondaires) (ID = 1106882)

09:08: HKLM\software\classes\winapi32.intelinks\ (3 traces secondaires) (ID = 1106938)

09:08: HKLM\software\classes\winapi32.mybaner\ (3 traces secondaires) (ID = 1106942)

09:08: HKLM\software\classes\winapi32.mybho\ (3 traces secondaires) (ID = 1106946)

09:08: Trouvé Adware: dollarrevenue

09:08: HKLM\software\microsoft\drsmartload2\ (1 traces secondaires) (ID = 1134137)

09:08: Trouvé Adware: cydoor peer-to-peer dependency

09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\kazaa\promotions\cydoor\ (355 traces secondaires) (ID = 124527)

09:08: Trouvé Adware: findthewebsiteyouneed hijack

09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\microsoft\internet explorer\main\ || default_search_url (ID = 125236)

09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\microsoft\internet explorer\main\ || search bar (ID = 125237)

09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\microsoft\internet explorer\main\ || search page (ID = 125238)

09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\microsoft\internet explorer\main\ || start page (ID = 125239)

09:08: Trouvé Adware: effective-i toolbar

09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\effective-i\ (7 traces secondaires) (ID = 125657)

09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\maxthon\plugin\toolbar\{44be0690-5429-47f0-85bb-3ffd8020233e}\ (1 traces secondaires) (ID = 125661)

09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\microsoft\internet explorer\toolbar\ || {44be0690-5429-47f0-85bb-3ffd8020233e} (ID = 125662)

09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\microsoft\internet explorer\toolbar\webbrowser\ || {44be0690-5429-47f0-85bb-3ffd8020233e} (ID = 125668)

09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)

09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\microsoft\internet explorer\main\ || search bar (ID = 790268)

09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\microsoft\internet explorer\main\ || default_search_url (ID = 790269)

09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\tbon\ (36 traces secondaires) (ID = 826461)

09:08: HKU\WRSS_Profile_S-1-5-21-436374069-1606980848-839522115-1007\software\microsoft\windows\currentversion\run\ || tbon (ID = 826497)

09:08: HKU\S-1-5-21-436374069-1606980848-839522115-1004\software\kazaa\promotions\cydoor\ (367 traces secondaires) (ID = 124527)

09:08: HKU\S-1-5-21-436374069-1606980848-839522115-1004\software\microsoft\internet explorer\extensions\cmdmapping\ || {946b3e9e-e21a-49c8-9f63-900533fafe14} (ID = 127575)

09:08: HKU\S-1-5-21-436374069-1606980848-839522115-1004\software\microsoft\internet explorer\extensions\cmdmapping\ || {e77eda01-3c56-4a96-8d08-02b42891c169} (ID = 127576)

09:08: Trouvé Adware: instafinder

09:08: HKU\S-1-5-21-436374069-1606980848-839522115-1004\software\instafink\ (3 traces secondaires) (ID = 128666)

09:08: HKU\S-1-5-21-436374069-1606980848-839522115-1004\software\microsoft\internet explorer\toolbar\webbrowser\ || {25d8bacf-3de2-4b48-ae22-d659b8d835b0} (ID = 140301)

09:08: Trouvé Adware: upz dialer

09:08: HKU\S-1-5-21-436374069-1606980848-839522115-1004\software\timsoft\ (2 traces secondaires) (ID = 400893)

09:08: HKU\S-1-5-21-436374069-1606980848-839522115-1004\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)

09:08: HKU\S-1-5-21-436374069-1606980848-839522115-1004\software\tbon\ (36 traces secondaires) (ID = 826461)

09:08: HKU\S-1-5-21-436374069-1606980848-839522115-1004\software\microsoft\windows\currentversion\run\ || tbon (ID = 826497)

09:08: Analyse du Registre terminée, temps passé :00:00:21

09:08: Démarrage de l’analyse des cookies

09:08: Trouvé Spy Cookie: yieldmanager cookie

09:08: kamel_2@ad.yieldmanager[1].txt (ID = 3751)

09:08: Trouvé Spy Cookie: hbmediapro cookie

09:08: kamel_2@adopt.hbmediapro[2].txt (ID = 2768)

09:08: Trouvé Spy Cookie: advertising cookie

09:08: kamel_2@advertising[1].txt (ID = 2175)

09:08: Trouvé Spy Cookie: btgrab cookie

09:08: kamel_2@btg.btgrab[2].txt (ID = 2333)

09:08: Trouvé Spy Cookie: cliks cookie

09:08: kamel_2@cliks[1].txt (ID = 2414)

09:08: Trouvé Spy Cookie: offeroptimizer cookie

09:08: kamel_2@offeroptimizer[2].txt (ID = 3087)

09:08: kamel_2@offeroptimizer[3].txt (ID = 3087)

09:08: Trouvé Spy Cookie: tradedoubler cookie

09:08: kamel_2@tradedoubler[1].txt (ID = 3575)

09:08: Trouvé Spy Cookie: xiti cookie

09:08: kamel_2@xiti[1].txt (ID = 3717)

09:08: Trouvé Spy Cookie: zedo cookie

09:08: kamel_2@zedo[2].txt (ID = 3762)

09:08: kamel@ad.yieldmanager[1].txt (ID = 3751)

09:08: Trouvé Spy Cookie: belnk cookie

09:08: kamel@belnk[1].txt (ID = 2292)

09:08: kamel@btg.btgrab[2].txt (ID = 2333)

09:08: kamel@cliks[1].txt (ID = 2414)

09:08: kamel@dist.belnk[2].txt (ID = 2293)

09:08: kamel@offeroptimizer[1].txt (ID = 3087)

09:08: Trouvé Spy Cookie: serving-sys cookie

09:08: kamel@serving-sys[2].txt (ID = 3343)

09:08: kamel@tradedoubler[2].txt (ID = 3575)

09:08: kamel@xiti[1].txt (ID = 3717)

09:08: kamel@zedo[2].txt (ID = 3762)

09:08: Analyse des cookies terminée, temps passé : 00:00:00

09:08: Démarrage de l’analyse des fichiers

09:08: c:\program files\tbonbin (2 traces secondaires) (ID = -2147471500)

09:08: c:\program files\bpt (2 traces secondaires) (ID = -2147481334)

09:08: Trouvé Adware: delfin

09:08: c:\documents and settings\all users\application data\vmss (1 traces secondaires) (ID = -2147481132)

09:08: c:\windows\system32\vmss (ID = -2147481116)

09:08: Trouvé Adware: findthewebsiteyouneed hijacker

09:08: a0067819.exe (ID = 242087)

09:13: Trouvé Adware: look2me

09:13: a0067835.dll (ID = 159)

09:13: a0067832.dll (ID = 163672)

09:14: a0067825.dll (ID = 159)

09:14: a0067821.exe (ID = 59853)

09:15: topsearch.dll (ID = 79735)

09:15: a0067820.exe (ID = 168558)

09:16: a0067838.dll (ID = 159)

09:17: drsmartload95a.exe (ID = 242066)

09:18: a0067818.exe (ID = 242116)

09:18: a0067834.dll (ID = 163672)

09:18: a0056298.manifest (ID = 49859)

09:18: Trouvé Adware: bullguard popup ad

09:18: a0056239.exe (ID = 52016)

09:18: a0067827.dll (ID = 159)

09:18: a0067824.dll (ID = 159)

09:18: a0067828.dll (ID = 163672)

09:19: a0067833.dll (ID = 163672)

09:19: a0067840.dll (ID = 163672)

09:19: a0038404.manifest (ID = 49859)

09:20: peer points manager.lnk (ID = 49852)

09:23: a0056235.manifest (ID = 49859)

09:23: a0067830.dll (ID = 159)

09:23: a0067837.dll (ID = 163672)

09:23: a0067829.dll (ID = 163672)

09:24: a0067822.dll (ID = 163672)

09:25: a0067836.dll (ID = 159)

09:25: a0067831.dll (ID = 159)

09:25: a0067826.dll (ID = 159)

09:25: a0067823.dll (ID = 159)

09:26: a0067839.dll (ID = 159)

09:26: tboninst.cfg (ID = 211835)

09:26: tboninst.cfg (ID = 211835)

09:26: a0063399.lnk (ID = 59838)

09:26: a0063400.lnk (ID = 59855)

09:26: a0067602.lnk (ID = 59838)

09:26: a0067601.lnk (ID = 59855)

09:26: a0067604.lnk (ID = 59855)

09:26: a0067605.lnk (ID = 59838)

09:26: Trouvé Adware: azsearch toolbar

09:26: a0039095.inf (ID = 50329)

09:26: Trouvé System Monitor: potentially rootkit-masked files

09:26: sysbus32.sys (ID = 0)

09:29: Avertissement: Unhandled Archive Type

09:30: Avertissement: Unhandled Archive Type

09:31: Analyse des fichiers terminée, temps passé : 00:22:59

09:31: Analyse complète terminée. Durée 00:27:39

09:31: Traces trouvées : 1155

09:32: Processus de suppression lancé.

09:32: Mise en quarantaine de toutes les traces : icannnews

09:32: Mise en quarantaine de toutes les traces : look2me

09:33: Mise en quarantaine de toutes les traces : potentially rootkit-masked files

09:33: Mise en quarantaine de toutes les traces : spamrelayer_alpiok

09:33: Mise en quarantaine de toutes les traces : azsearch toolbar

09:33: Mise en quarantaine de toutes les traces : broadcastpc

09:33: Mise en quarantaine de toutes les traces : delfin

09:33: Mise en quarantaine de toutes les traces : dollarrevenue

09:33: Mise en quarantaine de toutes les traces : hotbar

09:33: Mise en quarantaine de toutes les traces : altnet

09:33: Mise en quarantaine de toutes les traces : bullguard popup ad

09:33: Mise en quarantaine de toutes les traces : cashdeluxe

09:33: Mise en quarantaine de toutes les traces : cydoor peer-to-peer dependency

09:33: Mise en quarantaine de toutes les traces : effective-i toolbar

09:33: Mise en quarantaine de toutes les traces : findthewebsiteyouneed hijacker

09:33: Mise en quarantaine de toutes les traces : findthewebsiteyouneed hijack

09:33: Mise en quarantaine de toutes les traces : instafinder

09:33: Mise en quarantaine de toutes les traces : rx toolbar

09:33: Mise en quarantaine de toutes les traces : topsearch

09:33: Mise en quarantaine de toutes les traces : upz dialer

09:33: Mise en quarantaine de toutes les traces : advertising cookie

09:33: Mise en quarantaine de toutes les traces : belnk cookie

09:33: Mise en quarantaine de toutes les traces : btgrab cookie

09:33: Mise en quarantaine de toutes les traces : cliks cookie

09:33: Mise en quarantaine de toutes les traces : directrevenue-thebestoffersnetwork

09:33: Mise en quarantaine de toutes les traces : hbmediapro cookie

09:33: Mise en quarantaine de toutes les traces : offeroptimizer cookie

09:33: Mise en quarantaine de toutes les traces : serving-sys cookie

09:33: Mise en quarantaine de toutes les traces : tradedoubler cookie

09:33: Mise en quarantaine de toutes les traces : xiti cookie

09:33: Mise en quarantaine de toutes les traces : yieldmanager cookie

09:33: Mise en quarantaine de toutes les traces : zedo cookie

09:34: Processus de suppression lancé. Durée 00:01:23

********

08:59: | Début de session, mercredi 8 février 2006 |

08:59: Spy Sweeper démarrée

09:01: Les définitions de logiciels espions ont été mises à jour.

09:03: | Fin de session, mercredi 8 février 2006 |

 

 

et voici l'analyse de hijackthis.

 

Logfile of HijackThis v1.99.1

Scan saved at 09:37:50, on 08/02/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Apps\ActivBoard\nhksrv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\Securitoo\av_fw\fswsclds.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Apps\ActivBoard\MMKeybd.exe

C:\Apps\ActivBoard\TrayMon.exe

C:\Apps\ActivBoard\OSD.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\atiptaxx.exe

C:\WINDOWS\Logi_MwX.Exe

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe

C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\OpenOffice.org 2.0\program\soffice.exe

C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program Files\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Planetis

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WOOKIT] C:\Program Files\Wanadoo\EspaceWanadoo.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [RAMpage] "C:\Program Files\RAMpage\RAMpage.exe" M=28 T=4 P="C:\Program Files\RAMpage\RAMpageConfig.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\RunServices: [schedulingAgent] C:\WINDOWS\System32\mstask.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe

O4 - HKCU\..\Run: [update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version6/Applet/vchatsign.cab

O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {08D390AE-5101-4701-A89F-6C6DADCCC402} (MSN Photo Select Tool) - http://photos.msn.fr/resources/neutral/con....cab?10,0,910,0

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB

O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientIn...2/OCI/setup.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107533172889

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/net/import/ImageUploader3.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab

O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab

O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab

O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)

O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\q886lils18q6.dll (file missing)

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Mark Godlike Member

Mark

Posté(e)
Posté(e) (modifié)

Merci pour ce rapport kms49 :P

 

Je vais maintenant te demander un autre rapport, rapide celui-là :

 

- Lance HijackThis! et clique sur le bouton "Open the Misc Tools Section"

- Juste à côté (à droite) du bouton "Generate StartupListLog", coche les deux cases

- Clique sur Generate StartupListLog

- Un rapport sera généré : colle-le ici, dans ta prochaine réponse.

 

Dis nous également si tu as des dysfonctionnements en ce moment (popups ou autres...)

Modifié par Qc001
kms49 Junior Member

kms49

Posté(e)
  • Auteur
Posté(e)

de rien, merci à toi surtout pour ton aide.

voici le rapport demandé.

sinon le pc marche bien, j'ai toujours le fichier freeprodtb.exe sur le bureau, impossible de supprimer kazaa et ewido qui me dit à chaque fois que j'ai des malwares toolbar qui viennes. ( tbon, look2me, .... ).

 

StartupList report, 08/02/2006, 21:27:33

StartupList version: 1.52.2

Started from : C:\Program Files\hijackthis\HijackThis.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Apps\ActivBoard\nhksrv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\ewido anti-malware\ewidoguard.exe

C:\Program Files\Securitoo\av_fw\fswsclds.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Apps\ActivBoard\MMKeybd.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\atiptaxx.exe

C:\WINDOWS\Logi_MwX.Exe

C:\Program Files\RAMpage\RAMpage.exe

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Apps\ActivBoard\TrayMon.exe

C:\Apps\ActivBoard\OSD.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe

C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\OpenOffice.org 2.0\program\soffice.exe

C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\hijackthis\HijackThis.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\kamel\Menu Démarrer\Programmes\Démarrage]

OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe

 

Shell folders AltStartup:

*Folder not found*

 

User shell folders Startup:

*Folder not found*

 

User shell folders AltStartup:

*Folder not found*

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]

ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?

WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

 

Shell folders Common AltStartup:

*Folder not found*

 

User shell folders Common Startup:

*Folder not found*

 

User shell folders Alternate Common Startup:

*Folder not found*

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

ACTIVBOARD = C:\Apps\ActivBoard\MMKeybd.exe

NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe

WOOKIT = C:\Program Files\Wanadoo\EspaceWanadoo.exe

VTTimer = VTTimer.exe

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

IMEKRMIG6.1 = C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

AVG7_EMC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

ATICCC = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

ATIPTA = atiptaxx.exe

Logitech Utility = Logi_MwX.Exe

RAMpage = "C:\Program Files\RAMpage\RAMpage.exe" M=28 T=4 P="C:\Program Files\RAMpage\RAMpageConfig.exe"

Logitech Hardware Abstraction Layer = KHALMNPR.EXE

Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

P2P Networking = C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART

SemanticInsight = C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

KAZAA = C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

SchedulingAgent = C:\WINDOWS\System32\mstask.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

WOOKIT = C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe

Update Service = "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

tbon = C:\Program Files\TBONBin\tbon.exe /r

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

 

(Default) = "%1" /S

 

--------------------------------------------------

 

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

 

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

 

--------------------------------------------------

 

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

 

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

 

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

 

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

 

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

 

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

 

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

 

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = %SystemRoot%\system32\ie4uinit.exe

 

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

 

--------------------------------------------------

 

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

 

*Registry key not found*

 

--------------------------------------------------

 

Load/Run keys from C:\WINDOWS\WIN.INI:

 

load=*INI section not found*

run=*INI section not found*

 

Load/Run keys from Registry:

 

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\system32\ssmarque.scr

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINDOWS\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Verifying REGEDIT.EXE integrity:

 

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Regedit.exe has no CompanyName property! It is either missing or named something else.

- Regedit.exe has no OriginalFilename property! It is either missing or named something else.

- Regedit.exe has no FileDescription property! It is either missing or named something else.

 

Registry check failed!

 

--------------------------------------------------

 

Enumerating Browser Helper Objects:

 

*No BHO's found*

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

*No jobs found*

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[interface Chat Voila]

CODEBASE = http://chat10.x-echo.com/version6/Applet/vchatsign.cab

OSD = C:\WINDOWS\Downloaded Program Files\Interface Chat Voila.osd

 

[Microsoft XML Parser for Java]

CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab

OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

[teleir_cert]

CODEBASE = https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab

OSD = C:\WINDOWS\Downloaded Program Files\teleir_cert.osd

 

[Checkers Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll

CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

 

[QuickTime Object]

InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx

CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

 

[HouseCall Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan60.ocx

CODEBASE = http://housecall60.trendmicro.com/housecall/xscan60.cab

 

[MSN Photo Select Tool]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPPick.dll

CODEBASE = http://photos.msn.fr/resources/neutral/con....cab?10,0,910,0

 

[MessengerStatsClient Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll

CODEBASE = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

 

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll

CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

 

[symantec AntiVirus scanner]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll

CODEBASE = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

 

[PatchInstaller.Installer]

InProcServer32 = C:\WINDOWS\System32\XPPatchInstaller.dll

CODEBASE = file://D:\content\include\XPPatchInstaller.CAB

 

[{4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B}]

CODEBASE = http://sib1.od2.com/common/Member/ClientIn...2/OCI/setup.exe

 

[WUWebControl Class]

InProcServer32 = C:\WINDOWS\system32\wuweb.dll

CODEBASE = http://v5.windowsupdate.microsoft.com/v5co...b?1107533172889

 

[symantec RuFSI Utility Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll

CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

 

[HouseCall Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx

CODEBASE = http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

 

[AvxScanOnline Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\BITDEF~1.OCX

CODEBASE = http://www.bitdefender.com/scan/Msie/bitdefender.cab

 

[Java Plug-in 1.5.0_03]

InProcServer32 = C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

 

[MSSecurityAdvisorCD Class]

InProcServer32 = C:\WINDOWS\System32\mssecucd.dll

CODEBASE = file://D:\Content\include\msSecUcd.cab

 

[MessengerStatsClient Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll

CODEBASE = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

 

[F-Secure Online Scanner]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\fscax.dll

CODEBASE = http://www.securitoo.com/fra/pages/navol/fscax.cab

 

[ActiveScan Installer Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll

CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

 

[Aurigma Image Uploader 3.5 Control]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\ImageUploader3.ocx

CODEBASE = http://www.extrafilm.fr/net/import/ImageUploader3.cab

 

[CRAVOnline Object]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\ravonline.dll

CODEBASE = http://www.ravantivirus.com/scan/ravonline.cab

 

[MsnMessengerSetupDownloadControl Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx

CODEBASE = http://messenger.msn.com/download/MsnMesse...pDownloader.cab

 

[ZoneIntro Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx

CODEBASE = http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab

 

[Java Plug-in 1.5.0_03]

InProcServer32 = C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx

CODEBASE = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab

 

[Microsoft Search Settings Control]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\searchsettings.ocx

CODEBASE = http://lg.home.microsoft.com/search/lobby/searchsettings.cab

 

[AxHtChat Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\npchatg.dll

CODEBASE = http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

Protocol #1: C:\WINDOWS\system32\mswsock.dll

Protocol #2: C:\WINDOWS\system32\mswsock.dll

Protocol #3: C:\WINDOWS\system32\mswsock.dll

Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\mswsock.dll

Protocol #8: C:\WINDOWS\system32\mswsock.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

Protocol #16: C:\WINDOWS\system32\mswsock.dll

Protocol #17: C:\WINDOWS\system32\mswsock.dll

Protocol #18: C:\WINDOWS\system32\mswsock.dll

Protocol #19: C:\WINDOWS\system32\mswsock.dll

Protocol #20: C:\WINDOWS\system32\mswsock.dll

Protocol #21: C:\WINDOWS\system32\mswsock.dll

Protocol #22: C:\WINDOWS\system32\mswsock.dll

Protocol #23: C:\WINDOWS\system32\mswsock.dll

Protocol #24: C:\WINDOWS\system32\mswsock.dll

Protocol #25: C:\WINDOWS\system32\mswsock.dll

Protocol #26: C:\WINDOWS\system32\mswsock.dll

Protocol #27: C:\WINDOWS\system32\mswsock.dll

Protocol #28: C:\WINDOWS\system32\mswsock.dll

Protocol #29: C:\WINDOWS\system32\mswsock.dll

Protocol #30: C:\WINDOWS\system32\mswsock.dll

Protocol #31: C:\WINDOWS\system32\mswsock.dll

Protocol #32: C:\WINDOWS\system32\mswsock.dll

Protocol #33: C:\WINDOWS\system32\mswsock.dll

Protocol #34: C:\WINDOWS\system32\mswsock.dll

Protocol #35: C:\WINDOWS\system32\mswsock.dll

 

--------------------------------------------------

 

Enumerating Windows NT/2000/XP services

 

Pilote d'unité 61883: System32\DRIVERS\61883.sys (manual start)

Pilote ACPI Microsoft: system32\DRIVERS\ACPI.sys (system)

General Purpose USB Driver (adildr.sys): System32\Drivers\adildr.sys (autostart)

USB ADSL WAN Adapter: System32\DRIVERS\adiusbaw.sys (manual start)

Adobe LM Service: "C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)

Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start)

Environnement de prise en charge de réseau AFD: \SystemRoot\System32\drivers\afd.sys (system)

Avertissement: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start)

Pilote de processeur AMD K7: System32\DRIVERS\amdk7.sys (system)

Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Protocole client ARP 1394: System32\DRIVERS\arp1394.sys (manual start)

ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)

Pilote de média asynchrone RAS: System32\DRIVERS\asyncmac.sys (manual start)

Contrôleur de disque dur IDE/ESDI standard: system32\DRIVERS\atapi.sys (system)

Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)

ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)

ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)

Protocole client ATM ARP: System32\DRIVERS\atmarpc.sys (manual start)

Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Pilote audio Stub: System32\DRIVERS\audstub.sys (manual start)

Périphérique AVC: System32\DRIVERS\avc.sys (manual start)

AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)

AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)

AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)

AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)

AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)

AVG Network Redirector: \??\C:\WINDOWS\System32\Drivers\avgtdi.sys (autostart)

Service de transfert intelligent en arrière-plan: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Explorateur d'ordinateur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Décodeur sous-titre fermé: System32\DRIVERS\CCDECODE.sys (manual start)

Pilote de CD-ROM: System32\DRIVERS\cdrom.sys (system)

Service d'indexation: %SystemRoot%\system32\cisvc.exe (manual start)

Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (disabled)

Application système COM+: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

NEC VIA 3D Environmental Audio: system32\drivers\cviaaud.sys (manual start)

CVIAHALA: system32\drivers\cviahal.sys (manual start)

Lanceur de processus serveur DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

Client DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Pilote de disque: System32\DRIVERS\disk.sys (system)

Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start)

Client DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)

Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start)

DSDrv4: \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys (manual start)

dtscsi: \SystemRoot\System32\Drivers\dtscsi.sys (manual start)

Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Journal des événements: %SystemRoot%\system32\services.exe (autostart)

Système d'événements de COM+: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)

ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart)

ewido security suite driver: \??\C:\Program Files\ewido anti-malware\guard.sys (system)

ewido security suite guard: C:\Program Files\ewido anti-malware\ewidoguard.exe (autostart)

Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Pilote de contrôleur de lecteur de disquettes: system32\DRIVERS\fdc.sys (manual start)

VIA Rhine Family Fast Ethernet Adapter Driver Service: System32\DRIVERS\fetnd5b.sys (manual start)

Pilote de lecteur de disquettes: System32\DRIVERS\flpydisk.sys (manual start)

FltMgr: system32\DRIVERS\fltMgr.sys (system)

F-Secure Windows Security Center Legacy Detection Service: C:\Program Files\Securitoo\av_fw\fswsclds.exe (autostart)

Pilote du Gestionnaire de volume: system32\DRIVERS\ftdisk.sys (system)

France Telecom Routing Table Service: C:\WINDOWS\System32\FTRTSVC.exe (autostart)

Enumérateur de port jeu: System32\DRIVERS\gameenum.sys (manual start)

GMSIPCI: \??\D:\INSTALL\GMSIPCI.SYS (manual start)

Classificateur de paquets générique: System32\DRIVERS\msgpc.sys (manual start)

Hauppauge WinTV 848/9 WDM Video Driver: system32\drivers\HCWBT8XX.sys (manual start)

Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Accès du périphérique d'interface utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Pilote de classe HID Microsoft: system32\DRIVERS\hidusb.sys (manual start)

IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)

Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)

USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

Pilote pour clavier i8042 et souris sur port PS/2: System32\DRIVERS\i8042prt.sys (system)

Pilote de filtre de gravure CD: system32\DRIVERS\imapi.sys (system)

Service COM de gravage de CD IMAPI: C:\WINDOWS\system32\imapi.exe (manual start)

Pilote du pare-feu Windows IPv6: system32\drivers\ip6fw.sys (manual start)

Pilote de filtre de trafic IP: System32\DRIVERS\ipfltdrv.sys (manual start)

Pilote de tunnelage IP dans IP: System32\DRIVERS\ipinip.sys (manual start)

Traducteur d'adresses réseau IP: system32\DRIVERS\ipnat.sys (manual start)

Pilote IPSEC: System32\DRIVERS\ipsec.sys (system)

Service énumérateur IR: System32\DRIVERS\irenum.sys (manual start)

Pilote de bus Plug-and-Play ISA/EISA: system32\DRIVERS\isapnp.sys (system)

Pilote de la classe Clavier: System32\DRIVERS\kbdclass.sys (system)

Pilote HID de clavier: System32\DRIVERS\kbdhid.sys (system)

Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start)

Logitech SetPoint Keyboard Driver: system32\DRIVERS\L8042Kbd.sys (manual start)

Logitech SetPoint PS/2 Mouse Filter Driver: system32\DRIVERS\L8042mou.Sys (manual start)

Logitech PS/2 Mouse Filter Driver: System32\DRIVERS\L8042Pr2.sys (manual start)

Serveur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Station de travail: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Logitech HID/USB Mouse Filter Driver: System32\DRIVERS\LHidFlt2.sys (manual start)

Assistance TCP/IP NetBIOS: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Logitech Mouse Class Filter Driver: System32\DRIVERS\LMouFlt2.sys (manual start)

Logitech SetPoint Mouse Filter Driver: system32\DRIVERS\LMouKE.Sys (manual start)

AEGIS Protocol (IEEE 802.1x) v2.3.1.9: system32\DRIVERS\mdc8021x.sys (autostart)

Affichage des messages: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

Partage de Bureau à distance NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start)

Pilote de la classe Souris: System32\DRIVERS\mouclass.sys (system)

Pilote HID de souris: System32\DRIVERS\mouhid.sys (manual start)

Redirecteur client WebDav: System32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: System32\DRIVERS\mrxsmb.sys (system)

Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)

Microsoft DV Camera and VCR: System32\DRIVERS\msdv.sys (manual start)

Multimedia Keyboard Filter Driver: System32\DRIVERS\msikbd2k.sys (system)

Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)

Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start)

Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start)

Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start)

Pilote BIOS de gestion de systèmes Microsoft: system32\DRIVERS\mssmbios.sys (manual start)

Convertisseur en T/site-à-site de répartition Microsoft: system32\drivers\MSTEE.sys (manual start)

Mtlmnt5: System32\DRIVERS\Mtlmnt5.sys (manual start)

Mtlstrm: System32\DRIVERS\Mtlstrm.sys (manual start)

Codec NABTS/FEC VBI: System32\DRIVERS\NABTSFEC.sys (manual start)

Connection TV/vidéo Microsoft: System32\DRIVERS\NdisIP.sys (manual start)

Pilote TAPI NDIS d'accès distant: System32\DRIVERS\ndistapi.sys (manual start)

NDIS mode utilisateur E/S Protocole: System32\DRIVERS\ndisuio.sys (manual start)

Pilote réseau étendu NDIS d'accès distant: System32\DRIVERS\ndiswan.sys (manual start)

Interface NetBIOS: System32\DRIVERS\netbios.sys (system)

NetBIOS sur TCP/IP: System32\DRIVERS\netbt.sys (system)

DDE réseau: %SystemRoot%\system32\netdde.exe (disabled)

DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (disabled)

Ouverture de session réseau: %SystemRoot%\system32\lsass.exe (manual start)

Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Netropa NHK Server: C:\Apps\ActivBoard\nhksrv.exe (autostart)

Pilote réseau 1394: System32\DRIVERS\nic1394.sys (manual start)

NLA (Network Location Awareness): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\system32\lsass.exe (manual start)

Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

NtMtlFax: System32\DRIVERS\NtMtlFax.sys (manual start)

Pilote de filtre de trafic IPX: System32\DRIVERS\nwlnkflt.sys (manual start)

Pilote de transfert de trafic IPX: System32\DRIVERS\nwlnkfwd.sys (manual start)

Contrôleur hôte compatible IEE 1394 VIA OHCI: system32\DRIVERS\ohci1394.sys (system)

Pilote de port parallèle: System32\DRIVERS\parport.sys (manual start)

PCANDIS5 Protocol Driver: \??\C:\WINDOWS\system32\PCANDIS5.SYS (manual start)

PCI Bus Driver: system32\DRIVERS\pci.sys (system)

PCTVVBI: System32\DRIVERS\pctvvbi.sys (manual start)

Padus ASPI Shell: system32\drivers\pfc.sys (manual start)

Plug-and-Play: %SystemRoot%\system32\services.exe (autostart)

Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (manual start)

Services IPSEC: %SystemRoot%\system32\lsass.exe (autostart)

Miniport réseau étendu (PPTP): System32\DRIVERS\raspptp.sys (manual start)

Pilote processeur: System32\DRIVERS\processr.sys (system)

Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart)

Planificateur de paquets QoS: System32\DRIVERS\psched.sys (manual start)

Pilote de liaison parallèle directe: System32\DRIVERS\ptilink.sys (manual start)

PxHelp20: System32\DRIVERS\PxHelp20.sys (system)

Logitech QuickCam Messenger: System32\DRIVERS\LVCM.sys (manual start)

Pilote de connexion automatique d'accès distant: System32\DRIVERS\rasacd.sys (system)

Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Miniport réseau étendu (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)

Gestionnaire de connexions d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Pilote PPPOE d'accès à distance: System32\DRIVERS\raspppoe.sys (manual start)

Parallèle direct: System32\DRIVERS\raspti.sys (manual start)

Rdbss: System32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start)

Pilote de filtre de lecture digitale de CD audio: System32\DRIVERS\redbook.sys (system)

Routage et accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

Localisateur d'appels de procédure distante (RPC): %SystemRoot%\system32\locator.exe (manual start)

Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)

Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart)

Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start)

Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: System32\DRIVERS\secdrv.sys (manual start)

Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Pilote de filtre Serenum: system32\DRIVERS\serenum.sys (manual start)

Pilote de port série: system32\DRIVERS\serial.sys (system)

Pare-feu Windows / Partage de connexion Internet: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Détrameur décalage BDA: System32\DRIVERS\SLIP.sys (manual start)

SmartLink AMR_PCI Driver: System32\DRIVERS\slntamr.sys (manual start)

SlNtHal: System32\DRIVERS\Slnthal.sys (manual start)

SmartLinkService: slserv.exe (autostart)

SlWdmSup: System32\DRIVERS\SlWdmSup.sys (manual start)

Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start)

Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart)

sptd: System32\Drivers\sptd.sys (system)

Pilote de filtre de restauration système: System32\DRIVERS\sr.sys (system)

Service de restauration système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Srv: System32\DRIVERS\srv.sys (manual start)

Service de découvertes SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

SSI: system32\Drivers\SSI.SYS (system)

VIA Audio Driver (WDM) - SigmaTel CODEC: system32\drivers\STAC97.sys (manual start)

Acquisition d'image Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)

BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)

Webroot Spy Sweeper Engine: C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (autostart)

Pilote de bus logiciel: System32\DRIVERS\swenum.sys (manual start)

Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{E53B31E7-0A66-4CD0-8C9B-E482F43ABB96} (manual start)

Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start)

32bit system bus driver: \??\C:\WINDOWS\system32\drivers\sysbus32.sys (autostart)

Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start)

Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Pilote du protocole TCP/IP: System32\DRIVERS\tcpip.sys (system)

Pilote de périphérique terminal: System32\DRIVERS\termdd.sys (system)

Services Terminal Server: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Ulead Burning Helper: C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe (disabled)

Infrastructure de pilote-mode utilisateur Windows: C:\WINDOWS\system32\wdfmgr.exe (manual start)

Pilote de mise à jour microcode: System32\DRIVERS\update.sys (manual start)

Hôte de périphérique universel Plug-and-Play: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

Onduleur: %SystemRoot%\System32\ups.exe (manual start)

Pilote USB audio (WDM): system32\drivers\usbaudio.sys (manual start)

Pilote parent générique USB Microsoft: System32\DRIVERS\usbccgp.sys (manual start)

Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0: system32\DRIVERS\usbehci.sys (manual start)

Concentrateur USB2: system32\DRIVERS\usbhub.sys (manual start)

Classe d'imprimantes USB Microsoft: System32\DRIVERS\usbprint.sys (manual start)

Pilote de scanneur USB: System32\DRIVERS\usbscan.sys (manual start)

Pilote de stockage de masse USB: System32\DRIVERS\USBSTOR.SYS (manual start)

Pilote miniport de contrôleur hôte universel USB Microsoft: system32\DRIVERS\usbuhci.sys (manual start)

v90drv: System32\DRIVERS\v90drv.sys (manual start)

Carte vidéo VGA.: \SystemRoot\System32\drivers\vga.sys (system)

Filtre de bus AGP VIA: System32\DRIVERS\viaagp1.sys (system)

VIA AGP Filter: System32\DRIVERS\viaagp1.sys (system)

viagfx: System32\DRIVERS\vtmini.sys (manual start)

ViaIde: System32\DRIVERS\viaidexp.sys (system)

viamraid: System32\DRIVERS\viamraid.sys (system)

VIAPFD: \SystemRoot\System32\Drivers\VIAPFD.SYS (system)

Vinyl AC'97 Audio Controller (WDM): system32\drivers\viaudios.sys (manual start)

Vqtfk: \??\C:\WINDOWS\system32\Vqtfk.sys (autostart)

Vsp: \??\C:\WINDOWS\System32\drivers\Vsp.sys (manual start)

Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start)

Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Pilote ARP IP d'accès distant: System32\DRIVERS\wanarp.sys (manual start)

Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start)

WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Sagem 802.11g Wireless LAN USB Adapter Driver: system32\DRIVERS\WlanUIG.sys (manual start)

Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Carte de performance WMI: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)

Centre de sécurité: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Codec Teletext standard: System32\DRIVERS\WSTCODEC.SYS (manual start)

Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Service d'approvisionnement réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

 

 

--------------------------------------------------

 

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

 

Windows NT checkdisk command:

BootExecute = autocheck autochk *

 

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

 

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*No values found*

 

--------------------------------------------------

 

End of report, 43 444 bytes

Report generated in 0,359 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...