Se connecter avec
S'enregistrer | Connectez-vous
Votre question

Virus fenetre intempestive qui s'ouvre sans arret

Tags :
  • Fenêtre intempestive
  • Sécurité
Dernière réponse : dans Sécurité et virus
Partagez
9 Mars 2006 22:06:58

Bonsoir j'ai un probleme avec mon pc, je pence avoir un virus mais je ne sais pas comment il s'apel. ce probleme est qu'il y'a des fenetre publicitair qui s'ouvre toute les 5 minute et quand j'utilise hijackthis pour virer ces fenetre elle revienne tout le temp. j'ai fait evaluer mon log il me signale un gros virus et quand j'essaye de suprimer ce virus il me dise qu'il est impossible de le supprimer car il est en cour d'execution!!!
Aider moi pleasseeeeee

Voici mon log


Logfile of HijackThis v1.99.1
Scan saved at 21:58:37, on 09/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\TFNEIEdob3N0\command.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\mousepad1.exe
C:\WINDOWS\lclock.exe
C:\PROGRA~1\FICHIE~1\okuw\okuwm.exe
C:\PROGRA~1\FICHIE~1\okuw\okuwa.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdefender9\bdswitch.exe"
O4 - HKLM\..\Run: [keyboard] C:\\keyboard1.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad1.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [okuw] C:\PROGRA~1\FICHIE~1\okuw\okuwm.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Hijackthis Version Française\HijackThis.exe /startupscan
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\n6r20g9oe6.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TFNEIEdob3N0\command.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

J'espere que vous pourrez m'aidez merci

Autres pages sur : virus fenetre intempestive ouvre arret

9 Mars 2006 22:37:26

Bonjour

Plusieurs infections différentes.

Prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant ce fix. Regarde bien les trois petites notes au bas, avant de débuter.
Télécharge Look2Me-Destroyer.exe sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=7

* Ferme toutes les fenêtres actives avant de passer à l'étape suivante.
* Double-clique Look2Me-Destroyer.exe afin de lancer l'outil.
* Coche Run this program as a task
* Un message s'affichera, te disant ceci : "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Clique OK
* Il se relancera après les 10 secondes, puis clique sur le bouton Scan for L2M; les icônes de ton Bureau vont disparaître : c'est normal.
* Lorsque le scan termine, clique sur le bouton Remove L2M
* Un message Done Scanning apparaîtra, clique OK.
* Un nouveau message s'affichera : Done removing infected files! Look2Me-Destroyer will now shutdown your computer; clique OK.
* Ton PC va maintenant s'éteindre.
* Démarre ton PC normalement.
* Colle le rapport généré, situé ici : C:\Look2Me-Destroyer.txt , ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

#Si Look2Me-Destroyer ne se relance pas automatiquement après les 10 secondes, redémarre et essaie à nouveau.

##Si tu reçois un message de ton parefeu que l'outil tente d'accéder à l'internet : accepte.

###Si un message runtime error '339' s'affiche : télécharge MSWINSCK.OCX du lien ci-bas, et place-le dans le dossier C:\Windows\System32.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
9 Mars 2006 22:50:04

merci je vais essayer reste en ligne au cas ou stp merci beaucoup :-D
Contenus similaires
9 Mars 2006 22:53:14

je ne sais pas comment cela ce fait mais j'ai telechargez look2me destroyer mais quand je fait double clicck dessus cela ne marche pas il y'a un message d'erreur
9 Mars 2006 23:01:21

Quel est ce message d'erreur ?
Est ce que ce n'est pas un de ceux que je cite plus haut ?
9 Mars 2006 23:14:52

non le message derreur estComponent "mswinck.ocx" or one of its dependancies not correctly registred: a file is missing or invalid
9 Mars 2006 23:53:26

C'est bon sa marche merci mais look2me destroyer ne se redemarre pas apres 10sec j'ai redemarrer mon ordinateur et j'ai ressayer mais sa ne marche toujour pas
10 Mars 2006 00:04:34

Bon, fais ceci. On change d'outil.

Télécharge L2mfix (de Shadowwar) de l'un de ces liens :
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Sauvegarde-le sur ton Bureau et double-clique l2mfix.exe. Clique sur le bouton Install pour en extraire le contenu et suis les directives, puis ouvre le nouveau dossier "l2mfix" qui se trouve sur le Bureau. Double-clique l2mfix.bat et choisis l'option #1 pour Run Find Log en tapant 1 et ensuite Entrée. Le scan débutera sans générer d'indications, puis, après une minute ou deux, un fichier texte apparaîtra. Copie/colle le contenu de ce rapport ("report.txt") dans ta prochaine réponse.

Par contre, si une erreur s'affiche en lançant l'option #1, similaire à ceci : ''C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. Choose close to terminate the application.."...alors utilise l'option #5 ou le lien web fourni dans le dossier "l2mfix" afin de résoudre cette erreur. Ne pas lancer d'autres options avant d'avoir réglé ce pépin.
10 Mars 2006 00:13:57

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellCompatibility]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\i6nmlg5116.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{9901B88D-F9A9-0ED7-DC49-639FA5529814}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{950FF917-7A57-46BC-8017-59D9BF474000}"="Shell Extension for CDRW"
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v9"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}"="CopyToCD shell extension"
"{166D6BC8-FE1C-4CBF-AA8E-FA4805959B1E}"=""
"{8e9d6600-f84a-11ce-8daa-00aa004a5691}"="Shell extensions for NetWare"
"{e3f2bac0-099f-11cf-8daa-00aa004a5691}"="Shell extensions for NetWare"
"{52c68510-09a0-11cf-8daa-00aa004a5691}"="Shell extensions for NetWare"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{166D6BC8-FE1C-4CBF-AA8E-FA4805959B1E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{166D6BC8-FE1C-4CBF-AA8E-FA4805959B1E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{166D6BC8-FE1C-4CBF-AA8E-FA4805959B1E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{166D6BC8-FE1C-4CBF-AA8E-FA4805959B1E}\InprocServer32]
@="C:\\WINDOWS\\system32\\hqpertrm.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
atmtd.dll Thu 2 Mar 2006 19:12:54 A.... 687 592 671,48 K
aytxprxy.dll Fri 3 Mar 2006 17:17:10 ..S.R 236 341 230,80 K
bszip.dll Thu 2 Mar 2006 19:03:48 A.... 62 464 61,00 K
divx.dll Mon 6 Feb 2006 20:41:52 A.... 574 976 561,50 K
dpl100.dll Mon 6 Feb 2006 20:42:02 A.... 86 016 84,00 K
dpu10.dll Mon 6 Feb 2006 20:42:00 A.... 294 912 288,00 K
dpu11.dll Mon 6 Feb 2006 20:42:00 A.... 294 912 288,00 K
dpugui10.dll Fri 20 Jan 2006 23:46:10 A.... 53 248 52,00 K
dpugui11.dll Mon 6 Feb 2006 20:42:02 A.... 593 920 580,00 K
dpus11.dll Mon 6 Feb 2006 20:42:00 A.... 339 968 332,00 K
dpv11.dll Mon 6 Feb 2006 20:42:00 A.... 57 344 56,00 K
dtu100.dll Mon 6 Feb 2006 20:42:02 A.... 200 704 196,00 K
hqpertrm.dll Thu 9 Mar 2006 23:44:04 ..... 237 038 231,48 K
libdivx.dll Fri 20 Jan 2006 23:46:36 A.... 1 044 480 1020,00 K
px.dll Fri 20 Jan 2006 23:46:34 ..... 372 736 364,00 K
pxdrv.dll Fri 20 Jan 2006 23:46:34 ..... 421 888 412,00 K
pxmas.dll Fri 20 Jan 2006 23:46:34 ..... 172 032 168,00 K
pxwave.dll Fri 20 Jan 2006 23:46:34 ..... 339 968 332,00 K
qt-dx331.dll Fri 20 Jan 2006 23:46:12 A.... 3 596 288 3,43 M
rcsdlg.dll Fri 3 Mar 2006 16:44:00 ..S.R 235 757 230,23 K
sirenacm.dll Wed 25 Jan 2006 4:34:24 A.... 118 784 116,00 K
ssldivx.dll Fri 20 Jan 2006 23:46:36 A.... 200 704 196,00 K
syell32.dll Fri 3 Mar 2006 17:10:48 ..S.R 236 022 230,49 K
unicows.dll Fri 20 Jan 2006 23:46:36 A.... 245 408 239,66 K
vxblock.dll Fri 20 Jan 2006 23:46:34 ..... 28 672 28,00 K
wfsapi32.dll Fri 3 Mar 2006 17:23:24 ..S.R 236 341 230,80 K
xvidcore.dll Fri 30 Dec 2005 20:10:30 A.... 761 856 744,00 K
xvidvfw.dll Fri 30 Dec 2005 20:18:26 A.... 180 224 176,00 K

28 items found: 28 files (4 H/S), 0 directories.
Total of file sizes: 11 910 595 bytes 11,36 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Thu 9 Mar 2006 23:44:58 ..S.R 237 038 231,48 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 237 038 bytes 231,48 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est C86A-34E9

R‚pertoire de C:\WINDOWS\System32

10/03/2006 00:08 <REP> ..
10/03/2006 00:08 <REP> .
09/03/2006 23:44 237ÿ038 guard.tmp
09/03/2006 16:23 233ÿ433 n04s0ah7ed4.dll
09/03/2006 14:35 237ÿ038 i6nmlg5116.dll
07/03/2006 00:45 234ÿ828 n82u0if9e82.dll
05/03/2006 13:12 234ÿ700 k0080adued080.dll
03/03/2006 20:31 233ÿ400 hr0o05d3e.dll
03/03/2006 17:23 236ÿ341 wfsapi32.dll
03/03/2006 17:17 236ÿ341 aytxprxy.dll
03/03/2006 17:17 237ÿ285 p44u0eh9eh4.dll
03/03/2006 17:10 236ÿ022 syell32.dll
03/03/2006 16:43 235ÿ757 rCsdlg.dll
15/11/2005 05:16 <REP> Microsoft
03/12/2004 17:12 175ÿ104 winlog.exe
12 fichier(s) 2ÿ767ÿ287 octets
3 R‚p(s) 80ÿ561ÿ217ÿ536 octets libres
10 Mars 2006 00:25:37

On continue

Ferme toutes les applications en cours, car cette étape nécessite un redémarrage.

Du dossier l2mfix situé sur ton Bureau, double-clique l2mfix.bat et choisis l'option #2 pour Run Fix en tapant 2 et ensuite "Entrée". Les icônes du Bureau vont disparaître (tout à fait normal). L2mfix poursuivra le scan et lorsque terminé, il sera prêt à redémarrer le PC. Appuie sur n'importe quelle touche pour redémarrer. Après le redémarrage, un fichier texte devrait apparaître. Copie/colle le contenu de ce rapport dans ta prochaine réponse, et poste un nouveau rapport HijackThis! également.

[IMPORTANT: NE PAS lancer d'autres fichiers situés dans le dossier "l2mfix" . Ne pas lancer cet outil en mode Sans Échec !!
**Si le fichier texte (rapport) n'apparaît pas au redémarrage, double-clique sur le fichier texte ("log.txt") situé dans le dossier "l2mfix".
10 Mars 2006 00:31:22

tu peu me laisser ton adresse msn sa sera plus pratik please :-D
10 Mars 2006 00:35:40

Non, plusieurs raisons.

Je n'ai pas MSN :-o

Et nous sommes sur un Forum. C'est à dire partager pour tout le monde.
10 Mars 2006 00:48:13

Tu as raison désoler...j'ai fait ce que tu ma dit voila le texte qui s'est afficher au demarage

L2mfix 010406
Creating Account.
La commande s'est termin‚e correctement.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 640 'smss.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'
Killing PID 884 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1340 'explorer.exe'
Killing PID 1340 'explorer.exe'
Killing PID 1340 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 2756 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
1 fichier(s) copi‚(s).
Deleting: C:\WINDOWS\system32\aytxprxy.dll
Successfully Deleted: C:\WINDOWS\system32\aytxprxy.dll
Deleting: C:\WINDOWS\system32\hqpertrm.dll
Successfully Deleted: C:\WINDOWS\system32\hqpertrm.dll
Deleting: C:\WINDOWS\system32\hr0o05d3e.dll
Successfully Deleted: C:\WINDOWS\system32\hr0o05d3e.dll
Deleting: C:\WINDOWS\system32\i6nmlg5116.dll
Successfully Deleted: C:\WINDOWS\system32\i6nmlg5116.dll
Deleting: C:\WINDOWS\system32\k0080adued080.dll
Successfully Deleted: C:\WINDOWS\system32\k0080adued080.dll
Deleting: C:\WINDOWS\system32\n04s0ah7ed4.dll
Successfully Deleted: C:\WINDOWS\system32\n04s0ah7ed4.dll
Deleting: C:\WINDOWS\system32\n82u0if9e82.dll
Successfully Deleted: C:\WINDOWS\system32\n82u0if9e82.dll
Deleting: C:\WINDOWS\system32\p44u0eh9eh4.dll
Successfully Deleted: C:\WINDOWS\system32\p44u0eh9eh4.dll
Deleting: C:\WINDOWS\system32\rCsdlg.dll
Successfully Deleted: C:\WINDOWS\system32\rCsdlg.dll
Deleting: C:\WINDOWS\system32\syell32.dll
Successfully Deleted: C:\WINDOWS\system32\syell32.dll
Deleting: C:\WINDOWS\system32\wfsapi32.dll
Successfully Deleted: C:\WINDOWS\system32\wfsapi32.dll
Deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp

msg11?.dll
0 fichier(s) copi‚(s).



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellCompatibility]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\i6nmlg5116.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\aytxprxy.dll
C:\WINDOWS\system32\hqpertrm.dll
C:\WINDOWS\system32\hr0o05d3e.dll
C:\WINDOWS\system32\i6nmlg5116.dll
C:\WINDOWS\system32\k0080adued080.dll
C:\WINDOWS\system32\n04s0ah7ed4.dll
C:\WINDOWS\system32\n82u0if9e82.dll
C:\WINDOWS\system32\p44u0eh9eh4.dll
C:\WINDOWS\system32\rCsdlg.dll
C:\WINDOWS\system32\syell32.dll
C:\WINDOWS\system32\wfsapi32.dll
C:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{166D6BC8-FE1C-4CBF-AA8E-FA4805959B1E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{166D6BC8-FE1C-4CBF-AA8E-FA4805959B1E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{166D6BC8-FE1C-4CBF-AA8E-FA4805959B1E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{166D6BC8-FE1C-4CBF-AA8E-FA4805959B1E}\InprocServer32]
@="C:\\WINDOWS\\system32\\hqpertrm.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{166D6BC8-FE1C-4CBF-AA8E-FA4805959B1E}"=-
[-HKEY_CLASSES_ROOT\CLSID\{166D6BC8-FE1C-4CBF-AA8E-FA4805959B1E}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/aytxprxy.dll (164 bytes security) (deflated 5%)
adding: dlls/guard.tmp (164 bytes security) (deflated 6%)
adding: dlls/hqpertrm.dll (164 bytes security) (deflated 6%)
adding: dlls/hr0o05d3e.dll (164 bytes security) (deflated 4%)
adding: dlls/i6nmlg5116.dll (164 bytes security) (deflated 6%)
adding: dlls/k0080adued080.dll (164 bytes security) (deflated 5%)
adding: dlls/n04s0ah7ed4.dll (164 bytes security) (deflated 4%)
adding: dlls/n82u0if9e82.dll (164 bytes security) (deflated 5%)
adding: dlls/p44u0eh9eh4.dll (164 bytes security) (deflated 6%)
adding: dlls/rCsdlg.dll (164 bytes security) (deflated 5%)
adding: dlls/syell32.dll (164 bytes security) (deflated 5%)
adding: dlls/wfsapi32.dll (164 bytes security) (deflated 5%)
adding: backregs/166D6BC8-FE1C-4CBF-AA8E-FA4805959B1E.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
10 Mars 2006 00:49:27

ET ENCORE J'En AI SUPPRIMER DES "Killing PID 884 'winlogon.exe' CAR MON TEXTE ETAIT TROP LONG
10 Mars 2006 01:02:40

Bien, déja les pop-ups ont du se calmer.
On voit bien qu'il a supprimé des fichiers infectieux de look2me.
Mais je ne sais pas pourquoi cette répétition de ces lignes.

Je me base sur le premier HijackThis, car tu n'en as pas mis de nouveau.
Encore un peu de travail.

1 Télécharge
CCleaner.

http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.

Ewido
http://www.ewido.net/fr/download/
Tu l'installes et tu le mets à jour.

2 Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.

3 Relance un scan HijackThis et coche les lignes ci-dessous :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard1.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad1.exe
O4 - HKCU\..\Run: [okuw] C:\PROGRA~1\FICHIE~1\okuw\okuwm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TFNEIEdob3N0\command.exe

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »

4 Assure toi d'avoir accés à tous les fichiers.
Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :
Activer la case : Afficher les fichiers et dossiers cachés
Désactiver la case : Masquer les extensions des fichiers dont le type est connu
Désactiver la case : Masquer les fichiers protégés du système d'exploitation
Puis Appliquer

5 Tu clique sur Démarrer puis Exécuter, tu tapes services.msc et tu cliques sur OK.

Dans la liste des services, cherche et sélectionne
"Command Service" / double clique sur la ligne
/ vérifie dans Chemin d'accès des fichiers exécutables qu'il
s'agit bien de "C:\WINDOWS\TFNEIEdob3N0\command.exe" / dans Type de démarrage,
sélectionne Désactiver / valide la modification.

6 Supprime les fichiers/dossiers incriminés (s'ils existent encore) :

C:\\keyboard1.exe
C:\\mousepad1.exe
C:\Program Files\Fichiers communs\okuw
C:\WINDOWS\TFNEIEdob3N0

7 Lance le nettoyage avec CCleaner.

Recache les fichiers systeme afin de ne pas faire d'erreur à l'avenir en sélectionnant ne pas afficher les fichiers cachés ou les fichiers système.

8 Lance Ewido.
Fais un scan en mode complet.
Sauvegardes le rapport.

9 Redémarre normalement et poste un nouveau log HijackThis avec le rapport d'Ewido.
10 Mars 2006 01:52:30

merci je fait tous sa tkt sa arrive mais le scan ewido est tres long
10 Mars 2006 04:02:31

Logfile of HijackThis v1.99.1
Scan saved at 02:00:15, on 10/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\lclock.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdefender9\bdswitch.exe"
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Hijackthis Version Française\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\i6nmlg5116.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Voila je fait koi maintenan???
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS