Ms Server and non-stop pop-ups

 

mauldin
Posted on 06/06/2008 at 10:12:14
 
Hello everyone, I think I have a big problem with my PC (Vista Ultimate):

 MSSERVER process impossible to kill
 non-stop ad pop-ups in IE
 PC unstable and slow.

 Neither Ad-Aware, nor Spybot, nor Norton can get rid of it!

 Thanks for helping me if you have a solution.

 See you :youpi:

naheulbeuk7
Involved member (20,000 to 29,999 posts)
Posted on 06/06/2008 at 13:11:41
 
Hello,

 Download ComboFix (created by sUBs) to your Desktop

 Boot into safe mode: http://forum.telecharger.01net [...] ges-1.html

  • Double-click combofix.exe.
  • Press the Y (Yes) key to start the scan.
  • ComboFix will restart your PC
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply, along with a new HijackThis report

 NOTE: The report can also be found here: C:\Combofix.txt

 ;)


---------------
Visit my site on computer security: http://www.site-naheulbeuk.com
mauldin
Posted on 06/06/2008 at 13:50:03
 
Thank you, thank you so much for helping me.

 Here is the result:

 ComboFix 08-06-05.3 - JP 2008-06-06 14:24:13.1 - NTFSx86 MINIMAL
 Microsoft® Windows Vista™ Ultimate   6.0.6001.1.1252.1.1033.18.2756 [GMT 2:00]
 Running from: C:\Users\JP\Desktop\ComboFix.e​xe
 .

 ((((((((((((((((((((((((((((((​(((((((((   Other Deletions   ))))))))))))))))))))))))))))))​)))))))))))))))))))
 .

 C:\ProgramData\Microsoft\Netwo​rk\Downloader\qmgr0.dat
 C:\ProgramData\Microsoft\Netwo​rk\Downloader\qmgr1.dat
 C:\Windows\Downloaded Program Files\setup.inf
 C:\Windows\System32\adeKkUvw.i​ni
 C:\Windows\System32\adeKkUvw.i​ni2
 C:\Windows\system32\ddcDurOf.d​ll
 C:\Windows\system32\fOruDcdd.i​ni
 C:\Windows\System32\fOruDcdd.i​ni2
 C:\Windows\system32\iifdAtRl.d​ll
 C:\Windows\system32\KRuuwyay.i​ni
 C:\Windows\System32\KRuuwyay.i​ni2
 C:\Windows\system32\lisutqcq.i​ni
 C:\Windows\system32\ljJDuRhf.d​ll
 C:\Windows\system32\lRtAdfii.i​ni
 C:\Windows\System32\lRtAdfii.i​ni2
 C:\Windows\system32\mcrh.tmp
 C:\Windows\system32\nhwfuxql.i​ni
 C:\Windows\system32\pdvvvkku.i​ni
 C:\Windows\system32\UCKkRqss.i​ni
 C:\Windows\System32\UCKkRqss.i​ni2
 C:\Windows\system32\wvUkKeda.d​ll
 C:\Windows\system32\xmjsvipw.i​ni
 C:\Windows\system32\xtwrkewx.i​ni
 C:\Windows\system32\xxyxywwu.d​ll
 C:\Windows\System32\YxGOnUvw.i​ni
 C:\Windows\System32\YxGOnUvw.i​ni2

 ----- BITS: Possible infected sites -----

 hxxp://www.mininova.org
 .
 (((((((((((((((((((((((((   Files Created from 2008-05-06 to 2008-06-06  ))))))))))))))))))))))))))))))​)
 .

 2008-06-06 13:14 . 2008-06-06 13:14 124,928 --a------ C:\Windows\System32\dhgdsjqr.d​ll
 2008-06-06 09:58 . 2008-06-06 09:58 126,976 --a------ C:\Windows\System32\mvaeixny.d​ll
 2008-06-05 23:15 . 2008-06-05 23:15 <DIR> d-------- C:\Users\JP\AppData\Roaming\La​vasoft
 2008-06-05 23:14 . 2008-06-05 23:14 <DIR> d-------- C:\Program Files\Lavasoft
 2008-06-05 23:13 . 2008-06-05 23:13 117,248 --a------ C:\Windows\System32\qcqtusil.d​ll
 2008-06-05 23:10 . 2008-06-05 23:10 117,248 --a------ C:\Windows\System32\ukkvvvdp.d​ll
 2008-06-05 23:09 . 2008-06-05 23:09 133,120 --a------ C:\Windows\System32\iexehqrq.d​ll
 2008-06-05 22:52 . 2008-06-05 22:52 126,976 --a------ C:\Windows\System32\yssfgiyg.d​ll
 2008-06-05 21:39 . 2008-06-05 22:04 269 --a------ C:\Windows\wininit.ini
 2008-06-05 20:49 . 2008-06-06 13:03 <DIR> d-------- C:\Program Files\Navilog1
 2008-06-05 20:39 . 2008-06-05 22:06 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
 2008-06-05 20:39 . 2008-06-05 22:06 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
 2008-06-05 20:39 . 2008-06-05 20:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
 2008-06-05 20:14 . 2008-06-05 20:14 <DIR> d-------- C:\Program Files\Trend Micro
 2008-06-05 18:47 . 2008-06-05 18:47 133,120 --a------ C:\Windows\System32\vkwpjsxj.d​ll
 2008-06-05 18:44 . 2008-06-05 18:44 126,976 --a------ C:\Windows\System32\gxkiidsi.d​ll
 2008-06-05 18:20 . 2008-06-05 18:20 133,120 --a------ C:\Windows\System32\auwovpll.d​ll
 2008-06-05 18:15 . 2008-06-05 18:15 126,976 --a------ C:\Windows\System32\lwtmfuak.d​ll
 2008-05-30 22:15 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLega​cyGDFs.dll
 2008-05-30 22:15 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
 2008-05-30 18:44 . 2008-05-30 20:20 <DIR> d-------- C:\Program Files\Freeplayer
 2008-05-30 13:07 . 2008-05-30 13:07 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
 2008-05-30 09:37 . 2008-05-30 09:37 <DIR> d-------- C:\Program Files\Bonjour
 2008-05-29 21:12 . 2008-05-29 21:12 0 --ah----- C:\Windows\System32\drivers\Ms​ft_User_WpdMtpDr_01_00_00.Wdf
 2008-05-28 12:45 . 2008-05-28 12:45 99,264 --a------ C:\Windows\System32\drivers\An​yDVD.sys
 2008-05-24 12:19 . 2008-05-24 12:19 <DIR> dr------- C:\Windows\System32\config\sys​temprofile\Videos
 2008-05-24 12:19 . 2008-05-24 12:19 <DIR> dr------- C:\Windows\System32\config\sys​temprofile\Searches
 2008-05-24 12:19 . 2008-05-24 12:19 <DIR> dr------- C:\Windows\System32\config\sys​temprofile\Saved Games
 2008-05-24 12:19 . 2008-05-24 12:19 <DIR> dr------- C:\Windows\System32\config\sys​temprofile\Pictures
 2008-05-24 12:19 . 2008-05-24 12:19 <DIR> dr------- C:\Windows\System32\config\sys​temprofile\Links
 2008-05-24 12:19 . 2008-05-24 12:19 <DIR> dr------- C:\Windows\System32\config\sys​temprofile\Downloads
 2008-05-24 12:19 . 2008-05-24 12:19 <DIR> dr------- C:\Windows\System32\config\sys​temprofile\Documents
 2008-05-18 20:10 . 2008-05-18 20:10 0 --ah----- C:\Windows\System32\drivers\Ms​ft_User_WpdFs_01_00_00.Wdf
 2008-05-18 16:08 . 2008-05-18 16:08 <DIR> d-------- C:\Program Files\PC Inspector File Recovery
 2008-05-18 16:08 . 2002-02-18 18:40 6,200 --a------ C:\Windows\System32\INT13EXT.V​XD
 2008-05-17 16:20 . 2008-05-17 16:20 <DIR> d-------- C:\PerfLogs
 2008-05-17 10:36 . 2008-01-19 09:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
 2008-05-17 10:36 . 2008-01-19 09:36 1,541,120 --a------ C:\Windows\System32\onex.dll
 2008-05-17 10:34 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000​a.dll
 2008-05-17 10:33 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
 2008-05-17 10:32 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dl​l
 2008-05-17 10:32 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
 2008-05-17 10:32 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.d​ll
 2008-05-17 10:32 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.d​ll
 2008-05-16 20:48 . 2008-03-12 22:21 678,408 --a------ C:\Windows\System32\gpprefcl.d​ll
 2008-05-16 20:18 . 2008-05-16 20:31 <DIR> d-------- C:\Program Files\Windows Live
 2008-05-16 20:18 . 2008-05-16 20:26 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
 2008-05-16 20:16 . 2008-05-16 20:16 <DIR> d-------- C:\Users\All Users\WLInstaller
 2008-05-16 20:16 . 2008-05-16 20:16 <DIR> d-------- C:\ProgramData\WLInstaller
 2008-05-13 14:14 . 2008-05-13 15:37 <DIR> d-------- C:\Program Files\Microsoft Silverlight
 2008-05-07 20:41 . 2008-05-29 21:14 <DIR> d-------- C:\Users\All Users\ZoomBrowser
 2008-05-07 20:41 . 2008-05-29 21:14 <DIR> d-------- C:\ProgramData\ZoomBrowser
 2008-05-07 16:41 . 2000-03-14 20:55 13,239 --a------ C:\Windows\System32\scg726.acm
 2008-05-07 15:46 . 2008-06-06 14:37 54,156 --ah----- C:\Windows\QTFont.qfn
 2008-05-07 15:46 . 2008-05-07 15:46 1,409 --a------ C:\Windows\QTFont.for
 2008-05-06 21:53 . 2008-05-06 21:53 <DIR> d-------- C:\Users\All Users\TomTom
 2008-05-06 21:53 . 2008-05-06 21:53 <DIR> d-------- C:\ProgramData\TomTom
 2008-05-06 21:52 . 2008-05-06 21:52 <DIR> d-------- C:\Users\JP\AppData\Roaming\To​mTom
 2008-05-06 21:51 . 2008-05-06 21:52 <DIR> d-------- C:\Program Files\TomTom HOME 2
 2008-05-06 19:37 . 2008-05-06 19:37 <DIR> d-------- C:\Program Files\iPod
 2008-05-06 06:55 . 2008-05-06 06:55 988,216 --a------ C:\Windows\System32\winload.ex​e
 2008-05-06 06:55 . 2008-05-06 06:55 927,288 --a------ C:\Windows\System32\winresume.​exe
 2008-05-06 06:55 . 2008-05-06 06:55 615,992 --a------ C:\Windows\System32\ci.dll
 2008-05-06 06:55 . 2008-05-06 06:55 378,368 --a------ C:\Windows\System32\srcore.dll
 2008-05-06 06:55 . 2008-05-06 06:55 318,464 --a------ C:\Windows\System32\rstrui.exe
 2008-05-06 06:55 . 2008-05-06 06:55 46,592 --a------ C:\Windows\System32\setbcdloca​le.dll
 2008-05-06 06:55 . 2008-05-06 06:55 40,960 --a------ C:\Windows\System32\srclient.d​ll
 2008-05-06 06:55 . 2008-05-06 06:55 19,000 --a------ C:\Windows\System32\kd1394.dll
 2008-05-06 06:55 . 2008-05-06 06:55 14,848 --a------ C:\Windows\System32\srdelayed.​exe
 2008-05-06 06:55 . 2008-05-06 06:55 6,656 --a------ C:\Windows\System32\kbd106n.dl​l
 2008-05-06 03:08 . 2008-05-06 03:08 2,032,128 --a------ C:\Windows\System32\win32k.sys
 2008-05-06 03:04 . 2008-05-06 03:04 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
 2008-05-06 03:04 . 2008-05-06 03:04 826,880 --a------ C:\Windows\System32\wininet.dl​l

 .
 ((((((((((((((((((((((((((((((​((((((((((   Find3M Report   ))))))))))))))))))))))))))))))​))))))))))))))))))))))
 .
 2008-06-06 12:17 --------- d-----w C:\Users\JP\AppData\Roaming\Az​ureus
 2008-06-06 12:02 --------- d-----w C:\ProgramData\Symantec
 2008-06-06 07:11 --------- d-----w C:\Users\JP\AppData\Roaming\DN​A
 2008-06-05 20:38 --------- d-----w C:\ProgramData\FLEXnet
 2008-06-03 19:48 --------- d-----w C:\Users\JP\AppData\Roaming\Me​tacafe
 2008-06-03 18:14 --------- d-----w C:\Program Files\Apollo iPod Video Converter
 2008-05-31 11:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
 2008-05-31 08:20 805 ----a-w C:\Windows\system32\drivers\SY​MEVENT.INF
 2008-05-31 08:20 123,952 ----a-w C:\Windows\system32\drivers\SY​MEVENT.SYS
 2008-05-31 08:20 10,671 ----a-w C:\Windows\system32\drivers\SY​MEVENT.CAT
 2008-05-31 08:20 --------- d-----w C:\Program Files\Symantec
 2008-05-31 08:19 --------- d-----w C:\Program Files\Norton Internet Security
 2008-05-30 17:10 --------- d-----w C:\Users\JP\AppData\Roaming\vl​c
 2008-05-30 07:37 --------- d-----w C:\Program Files\Common Files\Adobe
 2008-05-29 20:24 --------- d-----w C:\Users\JP\AppData\Roaming\Di​vX
 2008-05-29 19:14 --------- d-----w C:\Users\JP\AppData\Roaming\Zo​omBrowser EX
 2008-05-24 10:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
 2008-05-24 10:26 --------- d-----w C:\Program Files\Electronic Arts
 2008-05-24 10:20 --------- d-----w C:\ProgramData\Electronic Arts
 2008-05-18 15:01 3,532 ----a-w C:\drmHeader.bin
 2008-05-17 15:44 --------- d-----w C:\Program Files\Java
 2008-05-17 14:34 174 --sha-w C:\Program Files\desktop.ini
 2008-05-17 14:24 --------- d-----w C:\Program Files\Windows Sidebar
 2008-05-17 14:24 --------- d-----w C:\Program Files\Windows Photo Gallery
 2008-05-17 14:24 --------- d-----w C:\Program Files\Windows Mail
 2008-05-17 14:24 --------- d-----w C:\Program Files\Windows Journal
 2008-05-17 14:24 --------- d-----w C:\Program Files\Windows Defender
 2008-05-17 14:24 --------- d-----w C:\Program Files\Windows Collaboration
 2008-05-17 14:24 --------- d-----w C:\Program Files\Windows Calendar
 2008-05-15 05:06 --------- d-----w C:\ProgramData\Microsoft Help
 2008-05-07 19:19 --------- d-----w C:\Program Files\Canon
 2008-05-07 07:26 --------- d-----w C:\Program Files\SpeedFan
 2008-05-06 19:51 --------- d-----w C:\Program Files\TomTom HOME
 2008-05-06 17:52 --------- d-----w C:\Program Files\QuickTime
 2008-05-06 17:37 --------- d-----w C:\Program Files\iTunes
 2008-05-06 17:30 --------- d-----w C:\Program Files\Apple Software Update
 2008-05-04 18:55 --------- d-----w C:\Users\JP\AppData\Roaming\Bi​tTorrent
 2008-05-04 18:30 --------- d-----w C:\Users\JP\AppData\Roaming\uT​orrent
 2008-05-04 18:28 --------- d-----w C:\Program Files\DNA
 2008-05-04 18:28 --------- d-----w C:\Program Files\BitTorrent
 2008-05-04 18:12 --------- d-----w C:\Program Files\Azureus
 2008-05-04 18:06 --------- d-----w C:\ProgramData\Azureus
 2008-04-12 20:01 --------- d-----w C:\Users\JP\AppData\Roaming\Vs​o
 2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.d​ll
 2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.d​ll
 2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.d​ll
 2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.d​ll
 2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
 2007-04-20 01:55 262,144 ----a-w C:\ProgramData\ntuser.dat
 2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
 2007-11-11 00:11 21,672 --sha-w C:\Windows\System32\KGyGaAvL.s​ys
 2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
 .

 ------- Sigcheck -------

 .
 ((((((((((((((((((((((((((((((​(((((((   Reg Loading Points   ))))))))))))))))))))))))))))))​))))))))))))))))))))
 .
 .
 *Note* empty entries & legit default entries are not shown
 REGEDIT4

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1022B3C5-9ED9-4CAB-AF7A-7D603E90A083}]
    C:\Windows\system32\yaywuuRK.d​ll

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{418B32E6-0783-45C8-8F80-00E0C8166F83}]

 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​Run]
 "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
 "ehTray.exe"="C:\Windows\ehome​\ehTray.exe" [2008-01-19 09:33 125952]
 "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtra​y.exe" [2008-05-28 13:10 2120640]
 "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeC​ontrolPanel.exe" [2007-06-20 18:49 451872]
 "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
 "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]
 "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Run]
 "PinnacleDriverCheck"="C:\Wind​ows\system32\\PSDrvCheck.exe" [2004-03-11 07:26 406016]
 "Windows Mobile-based device management"="%windir%\WindowsM​obile\wmdc.exe" [ ]
 "LogitechCommunicationsManager​"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communi​cations_Helper.exe" [2007-02-08 07:12 488984]
 "LogitechQuickCamRibbon"="C:\P​rogram Files\Logitech\QuickCam10\Quic​kCam10.exe" [2007-02-08 07:13 774168]
 "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 07:59 115816]
 "BJLaunchEXE"="C:\Program Files\Canon\BJCard\BJLaunch.ex​e" [2006-09-06 18:24 722544]
 "Ai Quicker Help"="C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" [2006-11-10 03:29 3165696]
 "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 21:44 101136 C:\Windows\KHALMNPR.Exe]
 "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 21:44 101136 C:\Windows\KHALMNPR.Exe]
 "Logitech BT Wizard"="LBTWiz.exe" []
 "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
 "NWEReboot"="" []
 "SunJavaUpdateSched"="C:\Progr​am Files\Java\jre1.6.0_05\bin\jus​ched.exe" [2008-02-22 04:25 144784]
 "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 21:57 153136]
 "SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.e​xe" [2007-09-20 16:36 2044712]
 "InCD"="C:\Program Files\Nero\Nero8\InCD\InCD.exe​" [2007-09-20 16:35 1077032]
 "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched​.exe" [2007-11-05 13:36 185632]
 "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
 "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
 "Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-03-06 14:56 61440]
 "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61​-B58F-2F227FCA9A08}\PIFSvc.exe​" [2008-01-29 17:38 583048]
 "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
 "@"="" []
 "MSServer"="C:\Windows\system3​2\ljJDVmmJ.dll" [ ]
 "BM8fb7de31"="C:\Windows\syste​m32\dhgdsjqr.dll" [2008-06-06 13:14 124928]

 C:\ProgramData\Microsoft\Windo​ws\Start Menu\Programs\Startup\
 Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\Logi​techDesktopMessenger.exe [2007-07-11 13:15:57 67128]
 Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoi​nt.exe [2007-11-14 01:05:44 688128]
 NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2007-05-20 18:37:15 49220]

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows\currentversion​\policies\system]
 "EnableLUA"= 0 (0x0)
 "EnableUIADesktopToggle"= 0 (0x0)

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
 c:\program files\common files\logitech\bluetooth\LBTWl​gn.dll 2007-01-30 09:15 65536 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWl​gn.DLL

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\drivers32]
 "VIDC.MJPG"= Pvmjpg30.dll
 "VIDC.ACDV"= ACDV.dll
 "vidc.yv12"= yv12vfw.dll

 [HKLM\~\startupfolder\C:^Progra​mData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
 path=C:\ProgramData\Microsoft\​Windows\Start Menu\Programs\Startup\ymetray.​lnk
 backup=C:\Windows\pss\ymetray.​lnk.CommonStartup
 backupExtension=.CommonStartup

 [HKLM\~\startupfolder\C:^Progra​mData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk.disabled]
 path=C:\ProgramData\Microsoft\​Windows\Start Menu\Programs\Startup\ymetray.​lnk.disabled
 backup=C:\Windows\pss\ymetray.​lnk.disabled.CommonStartup
 backupExtension=.CommonStartup

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\shared tools\msconfig\startupreg\8c84edad]
 --a------ 2008-06-05 23:13 117248 C:\Windows\system32\qcqtusil.d​ll

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\shared tools\msconfig\startupreg\BitT​orrent DNA]
 --a------ 2008-05-04 20:28 289088 C:\Program Files\DNA\btdna.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\shared tools\msconfig\startupreg\BM8fb7de31]
 --a------ 2008-06-05 18:44 126976 C:\Windows\system32\gxkiidsi.d​ll

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\shared tools\msconfig\startupreg\Devi​ce Detector]


 [HKEY_LOCAL_MACHINE\software\mi​crosoft\shared tools\msconfig\startupreg\HP Software Update]
 --a------ 2005-02-17 05:11 49152 c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\shared tools\msconfig\startupreg\iTunesHelper]
 --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\shared tools\msconfig\startupreg\KnexStarter]
 --a------ 2007-03-26 22:13 81920 c:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDevic​eService.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\shared tools\msconfig\startupreg\RunTasktray]
 --a------ 2007-03-26 21:05 69120 c:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows\currentversion​\run-]
 "MSServer"=rundll32.exe C:\Windows\system32\ljJDVmmJ.d​ll,#1

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\security center]
 "UacDisableNotify"=dword:00000​001
 "InternetSettingsDisableNotify​"=dword:00000001
 "AutoUpdateDisableNotify"=dwor​d:00000001

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\security center\Monitoring]
 "DisableMonitoring"=dword:0000​0001

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\security center\Monitoring\SymantecAntiVirus]
 "DisableMonitoring"=dword:0000​0001

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\security center\Monitoring\SymantecFirewall]
 "DisableMonitoring"=dword:0000​0001

 [HKLM\~\services\sharedaccess\p​arameters\firewallpolicy\Domai​nProfile]
 "EnableFirewall"= 0 (0x0)

 [HKLM\~\services\sharedaccess\p​arameters\firewallpolicy\Domai​nProfile\AuthorizedApplication​s\List]
 "c:\\Program Files\\Hewlett-Packard\\HP Easy Printer Care\\HPPRun.exe"= c:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun
 "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:​Logitech Harmony Remote Software 7

 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
 "EnableFirewall"= 0 (0x0)

 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
 "EnableFirewall"= 0 (0x0)

 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
 "C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"= C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox
 "c:\\Program Files\\Hewlett-Packard\\HP Easy Printer Care\\HPPRun.exe"= c:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun
 "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7
 "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

 R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080603.001\IDSvix86.sys [2008-03-20 22:37]
 R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33]
 R2 WcesComm;Windows Mobile 2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33]
 R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-19 06:03]
 R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-07-18 13:56]
 R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-31 02:55]
 R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-31 14:22]
 S3 RemoteControl-USBLAN;RemoteControl-USBLAN;C:\Windows\system32\DRIVERS\rcblan.sys [2007-01-24 22:27]

 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
 WindowsMobile REG_MULTI_SZ    wcescomm rapimgr
 LocalServiceRestricted REG_MULTI_SZ    WcesComm RapiMgr
 bthsvcs REG_MULTI_SZ    BthServ
 HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
 GPSvcGroup REG_MULTI_SZ    GPSvc

 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff443659-956e-11dc-8b2a-00076147e31d}]
 \shell\AutoRun\command - N:\InstallTomTomHOME.exe

 *Newly Created Service* - COMHOST

 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
 "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
 %SystemRoot%\system32\soundschemes.exe /AddRegistration
 .
 Contents of the 'Scheduled Tasks' folder
 "2008-06-02 18:00:20 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - JP.job"
 - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
 "2008-06-06 12:37:26 C:\Windows\Tasks\RtlVistaStart.job"
 - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
 "2008-06-05 19:14:03 C:\Windows\Tasks\User_Feed_Synchronization-{B9D25DF9-A3F3-4439-9970-5A2114CD04B0}.job"
 - C:\Windows\system32\msfeedssync.exe
 .
 **************************************************************************

 catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-06-06 14:37:49
 Windows 6.0.6001 Service Pack 1 NTFS

 scanning hidden processes ...

 scanning hidden autostart entries ...

 scanning hidden files ...

 scan completed successfully
 hidden files: 0

 **************************************************************************
 .
 --------------------- DLLs Loaded Under Running Processes ---------------------

 PROCESS: C:\Windows\Explorer.exe
 -> C:\Windows\system32\dhgdsjqr.dll
 .
 ------------------------ Other Running Processes ------------------------
 .
 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
 C:\Windows\System32\audiodg.exe
 C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
 C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
 C:\Program Files\Canon\BJCard\Bjmcmng.exe
 C:\Program Files\Bonjour\mDNSResponder.exe
 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
 C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
 C:\Program Files\lotus\notes\ntmulti.exe
 C:\Windows\System32\PnkBstrA.exe
 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 C:\Windows\WindowsMobile\wmdc.exe
 C:\Program Files\Logitech\SetPoint\LBTWiz.exe
 C:\Program Files\ASUS\ASUS DH Remote\AsDHRemote.exe
 C:\Windows\System32\rundll32.exe
 C:\Windows\ehome\ehmsas.exe
 C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
 C:\Program Files\Windows Media Player\wmpnetwk.exe
 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
 C:\Program Files\iPod\bin\iPodService.exe
 C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
 C:\Windows\System32\wbem\unsecapp.exe
 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
 C:\Windows\System32\wbem\WMIADAP.exe
 C:\Windows\System32\dllhost.exe
 .
 **************************************************************************
 .
 Completion time: 2008-06-06 14:46:27 - machine was rebooted
 ComboFix-quarantined-files.txt  2008-06-06 12:46:03

The system cannot find message text for message number 0x2379 in the message file for Application.
 Post-Run: 299,984,916,480 bytes free

 430 --- E O F --- 2008-05-30 20:16:06

naheulbeuk7
Involved member (20,000 to 29,999 posts)
Posted on 06/06/2008 at 14:08:24

Vundo infection ;)

 Run MalwareBytes and clean everything it finds
 Help: http://www.site-naheulbeuk.com/malwarebytes.php
 Post the report generated at the end in your next reply :)

 :p


mauldin
Posted on 06/06/2008 at 17:15:45

Everything was deleted, after a reboot
 for the moment the PC seems stable .....

 thanks a thousand times.

 below, the MalwareBytes result:

 Malwarebytes' Anti-Malware 1.15
 Version de la base de données: 833

 5:50:43 PM 6/6/2008
 mbam-log-6-6-2008 (17-50-38).txt

 Type de recherche: Examen complet (C:\|D:\|E:\|F:\|H:\|I:\|L:\|)
 Eléments examinés: 370771
 Temps écoulé: 2 hour(s), 5 minute(s), 17 second(s)

 Processus mémoire infecté(s): 0
 Module(s) mémoire infecté(s): 0
 Clé(s) du Registre infectée(s): 3
 Valeur(s) du Registre infectée(s): 2
 Elément(s) de données du Registre infecté(s): 0
 Dossier(s) infecté(s): 0
 Fichier(s) infecté(s): 13

 Processus mémoire infecté(s):
 (Aucun élément nuisible détecté)

 Module(s) mémoire infecté(s):
 (Aucun élément nuisible détecté)

 Clé(s) du Registre infectée(s):
 HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

 Valeur(s) du Registre infectée(s):
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> No action taken.
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM8fb7de31 (Trojan.Agent) -> No action taken.

 Elément(s) de données du Registre infecté(s):
 (Aucun élément nuisible détecté)

 Dossier(s) infecté(s):
 (Aucun élément nuisible détecté)

 Fichier(s) infecté(s):
 C:\QooBox\Quarantine\C\Windows\System32\ljJDuRhf.dll.vir (Trojan.Vundo) -> No action taken.
 C:\QooBox\Quarantine\C\Windows\System32\xxyxywwu.dll.vir (Trojan.Vundo) -> No action taken.
 C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\vtUOggDu.dll (Trojan.Vundo) -> No action taken.
 C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\yaywuuRK.dll (Trojan.Vundo) -> No action taken.
 E:\PDA\From sheraza\Jeux\Pocket Pc - Games - 43 games [By ICE]\Pocket Pc - Game - 3D Mini Sportsbike\CORE10k.EXE (Trojan.Agent) -> No action taken.
 E:\PDA\From sheraza\Jeux\Pocket Pc - Games - 43 games [By ICE]\Pocket Pc - Game - 3D Mini-Transcanada\CORE10k.EXE (Trojan.Agent) -> No action taken.
 E:\Software\Ipod\IPod Access for Windows v2.9\cr-iaf29\CORE10k.EXE (Trojan.Agent) -> No action taken.
 E:\System Volume Information\_restore{3BDA9365-60CC-4029-8FC8-054B8DBCB8DA}\RP119\A0030204.EXE (Trojan.Agent) -> No action taken.
 E:\System Volume Information\_restore{3BDA9365-60CC-4029-8FC8-054B8DBCB8DA}\RP119\A0030210.EXE (Trojan.Agent) -> No action taken.
 F:\System Volume Information\_restore{3BDA9365-60CC-4029-8FC8-054B8DBCB8DA}\RP116\A0028762.EXE (Trojan.Agent) -> No action taken.
 F:\System Volume Information\_restore{3BDA9365-60CC-4029-8FC8-054B8DBCB8DA}\RP116\A0028768.EXE (Trojan.Agent) -> No action taken.
 F:\System Volume Information\_restore{3BDA9365-60CC-4029-8FC8-054B8DBCB8DA}\RP119\A0031371.EXE (Trojan.Agent) -> No action taken.
 C:\Windows\System32\dhgdsjqr.dll (Trojan.Agent) -> No action taken.

naheulbeuk7
Involved member (20,000 to 29,999 posts)
Posted on 06/06/2008 at 22:00:23

did you clean everything malwarebytes detected? if not, do it ;)

 then:

 Download HijackThis

 User guide: http://www.site-naheulbeuk.com/hijackthis.php

 Then click on "Do a system scan and save a logfile"
 The scan runs very quickly, then a Notepad window appears
 (the "logfile")
 In that Notepad window, go to "Edit", then "Select All";
 the text is then selected. Go back to "Edit", still
 leaving the text selected, and click Copy.
 Paste the contents here in your next reply!

 ;)

