Pop ups.

masaclaude -  
masaclaude Messages postés 15 Statut Membre -
Bonjour,
j'ai des troubles avec mon surfeur à savoir Windows internet explorer 7. le probleme est qu'il y a des fenetres publicitaires qui s'ouvrent quand je lance internet explorer, je les ai bloqué en activant Pop up blocker mais ca donne rien, j ai eu l idee de désinstaller internet explorer 7 mais sans succes, j arrive pas à le trouver dans add\remove programme de control panel, je suivi les directives données sur internet mais sans succes.
donc je me tourne vers vous gras pour m épauler. mon systeme d exploitation est Vista.

Et puis je recois une erreru disant Buffer ouverrun detected, et j ignore de quoi il s agit!!!!

Merci de votre aide.
Configuration: Mac OS X
Safari 522.15.5

1 réponse

  1. masaclaude Messages postés 15 Statut Membre
     
    j'ai fouillé dans le forum puis je susi tombé sur combofix j'ai suivi les directives, et voici le rapport de combofix

    j'espère que je receverai bientot votre réponse.

    ComboFix 08-04-26.5 - Claude 2008-04-27 14:26:31.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.246 [GMT -4:00]
    Running from: C:\Users\Claude\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Starware408
    C:\Program Files\Starware408\icons\star_16.ico
    C:\Program Files\Starware408\Starware408Config.xml
    C:\Program Files\Starware408\Starware408Uninstall.exe
    C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
    C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
    C:\ProgramData\Starware408
    C:\ProgramData\Starware408\buttons\1223_button_1b_def.bmp
    C:\ProgramData\Starware408\buttons\1223_button_1b_over.bmp
    C:\ProgramData\Starware408\buttons\1229_button_1b_def.bmp
    C:\ProgramData\Starware408\buttons\1229_button_1b_over.bmp
    C:\ProgramData\Starware408\buttons\Button_50.bmp
    C:\ProgramData\Starware408\buttons\Button_60.bmp
    C:\ProgramData\Starware408\buttons\Button_70.bmp
    C:\ProgramData\Starware408\buttons\FindIt.bmp
    C:\ProgramData\Starware408\buttons\FindItHot.bmp
    C:\ProgramData\Starware408\buttons\findithotxp.png
    C:\ProgramData\Starware408\buttons\finditxp.png
    C:\ProgramData\Starware408\buttons\logo.bmp
    C:\ProgramData\Starware408\buttons\logoxp.bmp
    C:\ProgramData\Starware408\buttons\Weather.bmp
    C:\ProgramData\Starware408\buttons\WeatherHot.bmp
    C:\ProgramData\Starware408\buttons\weatherhotxp.png
    C:\ProgramData\Starware408\buttons\weatherxp.png
    C:\ProgramData\Starware408\contexts\error.xml
    C:\ProgramData\Starware408\contexts\related.xml
    C:\ProgramData\Starware408\contexts\travel.xml
    C:\ProgramData\Starware408\images\clear.bmp
    C:\ProgramData\Starware408\images\walertXP.bmp

    ----- BITS: Possible infected sites -----

    hxxp://ceement.rssx.hp.com
    .
    ((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-27 16:38 --------- d-----w C:\Users\Claude\AppData\Roaming\ErrorSmart
    2008-04-27 15:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-27 05:12 19,872 ----a-w C:\Users\Claude\AppData\Roaming\nvModes.dat
    2008-04-26 17:09 --------- d-----w C:\ProgramData\Symantec
    2008-04-26 17:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-04-26 16:36 --------- d-----w C:\Users\Claude\AppData\Roaming\Symantec
    2008-04-26 16:33 --------- d-----w C:\Program Files\Norton Internet Security
    2008-04-26 16:32 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
    2008-04-26 16:32 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
    2008-04-26 16:32 10,563 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
    2008-04-26 16:32 --------- d-----w C:\Program Files\Symantec
    2008-04-26 15:41 --------- d-----w C:\ProgramData\Symantec Temporary Files
    2008-04-26 14:55 --------- d-----w C:\Program Files\Windows Sidebar
    2008-04-26 14:55 --------- d-----w C:\Program Files\Windows Mail
    2008-04-26 14:53 --------- d-----w C:\ProgramData\Microsoft Help
    2008-04-26 09:10 --------- d-----w C:\Program Files\Alwil Software
    2008-04-16 18:25 29,952 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
    2008-04-07 00:58 --------- d-----w C:\Program Files\SopCast
    2008-04-06 14:30 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-03-31 02:36 --------- d-----w C:\Program Files\iTunes
    2008-03-31 02:36 --------- d-----w C:\Program Files\iPod
    2008-03-31 02:23 --------- d-----w C:\Program Files\LimeWire
    2008-03-26 00:06 --------- d-----w C:\ProgramData\DassaultSystemes
    2008-03-22 03:52 --------- d-----w C:\Program Files\Dassault Systemes
    2008-03-07 21:02 --------- d-----w C:\Program Files\epson
    2008-03-07 01:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
    2008-03-07 01:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
    2008-03-07 01:32 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
    2008-03-04 23:55 --------- d-----w C:\Program Files\Softland
    2008-03-04 23:47 253,116 ----a-w C:\Windows\PDFCreator_Toolbar_Uninstaller_4568.exe
    2008-03-04 23:47 --------- d-----w C:\Program Files\PDFCreator Toolbar
    2008-03-04 23:47 --------- d-----w C:\Program Files\PDFCreator
    2008-03-03 18:40 --------- d-----w C:\Program Files\NCH Swift Sound
    2008-03-03 18:14 --------- d-----w C:\ProgramData\Autodesk
    2008-03-02 17:00 --------- d-----w C:\Users\Claude\AppData\Roaming\DassaultSystemes
    2008-03-02 08:04 --------- d-----w C:\Program Files\Windows Live
    2008-02-29 23:31 --------- d-----w C:\Program Files\Learning Essentials
    2008-02-29 19:26 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-02-29 16:58 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-02-29 16:54 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-02-29 16:37 --------- d-----w C:\ProgramData\WLInstaller
    2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-14 02:32 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-14 02:32 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-14 02:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-02-14 02:32 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-14 02:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-01 16:11 586,240 ----a-w C:\Windows\WLXPGSS.SCR
    2007-12-06 19:49 32 ----a-w C:\Users\All Users\ezsid.dat
    2007-12-06 19:49 32 ----a-w C:\ProgramData\ezsid.dat
    2007-09-01 16:58 174 --sha-w C:\Program Files\desktop.ini
    2007-08-18 02:22 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2007-08-18 02:22 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2007-08-18 02:22 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    2008-02-07 00:05 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    2008-04-26 12:29 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll" [2008-02-07 00:05 349552]

    [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-02-07 00:05 349552]

    [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 17:32 1232896]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NWEReboot"="" []
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 01:14 833072]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-21 06:11 77824]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 00:25 90191]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 00:25 81920]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 00:25 7766016]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 21:47 51048]

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM246ee76a]
    C:\Users\Claude\AppData\Local\Temp\spdyejti.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
    --------- 2008-04-25 20:00 281088 C:\Users\Claude\AppData\Local\Temp\nnnlmLfF.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
    --a------ 2006-10-18 13:32 472800 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-07-31 18:44 271672 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_3918854]
    --a------ 2006-06-13 12:11 351000 C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
    --a------ 2006-11-06 14:58 159744 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    --a------ 2006-12-02 20:32 167936 C:\Program Files\HP\QuickPlay\QPService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-05-27 19:01 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
    --a------ 2007-07-02 13:24 7394608 C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2007-04-12 10:01 1006264 C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --a------ 2006-11-02 08:36 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2007-07-16 15:17 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{9257FA5E-3DB8-4481-99EA-B47A38702D36}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "{0D8EA2D3-9BE9-4D81-A976-3E85C8A38AEF}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "{FC0D3F8C-4FB3-46B1-96F2-B43EDEC4A758}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
    "{AAF8EF7A-0E7C-4D05-9753-85AAEA97D472}"= C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections:Compaq Connections
    "{946A479A-F395-4E4F-9E31-2D27D65115A3}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
    "{38784E67-63A9-4AF9-9918-9B2BB3AB977E}"= TCP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
    "{1C849C3A-A6B4-4CC4-80CA-CD9CE0036DAB}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
    "{1B5215C4-F369-4416-BF9E-F6E2F0D09A5B}"= TCP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
    "{E40D3E8B-DB6D-4546-8310-BC9B655E2D37}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{488F73E7-E218-4FAD-AF4A-A4E1F31AB0DC}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{B37B5199-CD37-42D2-9A70-A2CA94CC5DA5}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{2B3B5CE9-C5E7-4A61-B9DD-831BD9ADF0E2}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{B5159F96-FE61-46AD-BD1F-78A80378DC01}"= UDP:23813:BitComet 23813 TCP
    "{4920E2B4-82BB-4944-9C3D-769C7688C196}"= TCP:23813:BitComet 23813 UDP
    "TCP Query User{F63F43AC-3B12-445E-A20E-E02CDF77D91B}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "UDP Query User{C8D56D7E-C80C-4066-992F-55438B330D3D}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "{33825BB1-3D5C-435D-8BDE-F2464C279C09}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "TCP Query User{0585F28B-62ED-4E09-8425-65E5AFB46555}C:\\stubinstaller.exe"= UDP:C:\stubinstaller.exe:LimeWire swarmed installer
    "UDP Query User{5E48C32E-EC44-48AD-AE86-76B64BDE2960}C:\\stubinstaller.exe"= TCP:C:\stubinstaller.exe:LimeWire swarmed installer
    "{39F500FF-0609-47A5-B9F1-E92EEAE0CBA7}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{0B8DA448-F81D-46EE-9547-4F694B1E74F1}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{71EF411B-6A86-4C20-A48A-F064D06D4641}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
    "UDP Query User{437215F4-6032-45FB-8096-AD8684AD616C}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
    "TCP Query User{CB3B34E2-75C1-4427-9FC1-1B5A4F7DC9AE}C:\\users\\claude\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\claude\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
    "UDP Query User{167C44C4-8853-41A4-8BFE-E12DF45A28F2}C:\\users\\claude\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\claude\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
    "TCP Query User{B2023395-0F69-41B4-8901-86C5425B0274}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{A383CD92-9F27-4118-8D85-0ACD3F7A63AE}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
    "TCP Query User{6B980CF3-3C2C-468F-825E-996A6E41DD87}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{BD8E2B14-A341-4F5F-B75C-35A2BD98549A}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "TCP Query User{A94BD2E1-17C0-4FBE-BCAF-44C8BAD1908F}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
    "UDP Query User{7856D159-5F5A-4CE2-BB07-F92832176BA9}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
    "TCP Query User{643DC6C8-B8C3-4D35-B1A2-4B07FDB509BB}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "UDP Query User{A7730E66-A938-4101-9E79-5D71EFB78058}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "TCP Query User{4F9205AA-3367-4EE4-9B1B-75610FDA2319}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{93F94556-74E5-4C47-94AE-8FDF3C7BC133}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "TCP Query User{23F51E85-6783-421B-911B-70D321BF1502}C:\\program files\\maple 10\\jre\\bin\\java.exe"= UDP:C:\program files\maple 10\jre\bin\java.exe:java
    "UDP Query User{854D34CD-7358-4BE9-94ED-B8E3C8D7ACA8}C:\\program files\\maple 10\\jre\\bin\\java.exe"= TCP:C:\program files\maple 10\jre\bin\java.exe:java
    "TCP Query User{9DAA784F-1A97-46A9-9418-0C904AFA19E7}C:\\program files\\maple 10\\jre\\bin\\maple.exe"= UDP:C:\program files\maple 10\jre\bin\maple.exe:maple
    "UDP Query User{03328B7C-A208-40B2-800A-7EAAC61AF12E}C:\\program files\\maple 10\\jre\\bin\\maple.exe"= TCP:C:\program files\maple 10\jre\bin\maple.exe:maple
    "{0DFBAF16-D929-41AF-B3C2-BD34B2A6A6C3}"= UDP:23813:BitComet 23813 TCP
    "{82C0B3B8-7ACF-4F13-83B2-CAA5F11A3D63}"= TCP:23813:BitComet 23813 UDP
    "TCP Query User{C7B8DCC0-09EF-4114-857D-70A9702974B9}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
    "UDP Query User{C77C9789-8150-4CC2-B937-651D2B7A6BB5}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
    "TCP Query User{87F33A32-B784-4254-A1D9-066EBA1C2506}C:\\users\\claude\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\claude\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
    "UDP Query User{50EC9824-F301-4125-BB3A-DBE5B0CC12F5}C:\\users\\claude\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\claude\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
    "TCP Query User{251C980B-7936-4516-822A-BD75F3294C63}C:\\program files\\rhapsody\\rhapsody.exe"= UDP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
    "UDP Query User{67634E46-42BF-40B7-8D9D-EC14D9426466}C:\\program files\\rhapsody\\rhapsody.exe"= TCP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
    "{D5D94E50-8A98-4C83-84FC-1FA4D7D6A5AB}"= UDP:C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt
    "{B01C4154-80C9-4D2A-8FE0-D9FE5A71E95B}"= TCP:C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt
    "TCP Query User{6D5905EF-3133-436C-A608-BD21C8E5E5DA}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
    "UDP Query User{14B9F3F5-039F-421F-B893-7808671BF89C}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
    "TCP Query User{E98541F7-9FC1-400E-B51A-5E04FAAC999E}C:\\program files\\apache group\\apache2\\bin\\apache.exe"= UDP:C:\program files\apache group\apache2\bin\apache.exe:Apache HTTP Server
    "UDP Query User{245A1BCB-E679-44C9-B782-6483931971AC}C:\\program files\\apache group\\apache2\\bin\\apache.exe"= TCP:C:\program files\apache group\apache2\bin\apache.exe:Apache HTTP Server
    "{A9A2F8FF-A526-485A-9AB4-FEBD3D282899}"= UDP:C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
    "{412293C4-FB88-46CF-87D6-0A27613D844E}"= TCP:C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
    "{DD46375E-8FAF-4C29-9C4F-A6ECC63BCE3C}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{9956F3ED-5918-4EBF-A5B7-15972DF5A550}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "TCP Query User{ACDF7209-5729-4426-9E53-2DDBE14C45BD}C:\\downloads\\emule 0.48a\\emule\\emule.exe"= UDP:C:\downloads\emule 0.48a\emule\emule.exe:eMule
    "UDP Query User{7A09D7B2-CCA8-4F05-A905-3D9EB0F74528}C:\\downloads\\emule 0.48a\\emule\\emule.exe"= TCP:C:\downloads\emule 0.48a\emule\emule.exe:eMule
    "TCP Query User{7B43C98B-553D-4A7F-86E1-A4167D6C26AE}C:\\users\\claude\\appdata\\local\\temp\\temp1_emule0.48a[1].zip\\emule0.48a\\emule.exe"= UDP:C:\users\claude\appdata\local\temp\temp1_emule0.48a[1].zip\emule0.48a\emule.exe:emule.exe
    "UDP Query User{8B0FB110-CD82-47CE-B41C-93E61DBCC8C7}C:\\users\\claude\\appdata\\local\\temp\\temp1_emule0.48a[1].zip\\emule0.48a\\emule.exe"= TCP:C:\users\claude\appdata\local\temp\temp1_emule0.48a[1].zip\emule0.48a\emule.exe:emule.exe
    "{B293F821-319B-4F19-9BE2-A85DECFC6680}"= UDP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
    "{F6CADF11-D19C-4549-B494-105A527FFE6D}"= TCP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
    "{C6A1B8A6-ADC1-49F8-A5E6-06CC8797ACDC}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{214DC07B-E9DD-4BC5-A5F2-0A2C4EA4815E}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "TCP Query User{64CCD189-AF5D-4968-AAC4-28783751EF6E}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
    "UDP Query User{D107C76D-4E83-4D44-B281-7840646D36EF}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
    "{4CFD00F5-FB87-4BE0-BE2B-5BB4DEAAC477}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{9594DBAA-DE99-40F6-A09F-BD43CF214628}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "TCP Query User{25BE74DB-C1E0-4977-914D-9AE8C3037AE8}C:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= UDP:C:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
    "UDP Query User{DB35F8AB-C752-4AD2-A92C-045F8C93A09A}C:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= TCP:C:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
    "TCP Query User{3614789C-D706-47D0-A59A-F9943EBD0584}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{CC0BC0BB-C34A-42E4-BDBA-8E190B86067C}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "TCP Query User{525514F4-0B52-4ADD-9D9F-08D1DF542270}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
    "UDP Query User{B7585B18-5C7C-4DE7-BB4D-A501D5B2EB7C}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
    "TCP Query User{D582EBB5-CFA4-47BF-8FB5-65FFCFA04070}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
    "UDP Query User{642D3AC3-05CE-41FC-A532-60C38D4D9875}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
    "TCP Query User{B5A4A7D5-19FD-42FF-9E8C-3B171F7FA902}C:\\program files\\sopcast\\sopvod.exe"= UDP:C:\program files\sopcast\sopvod.exe:sopvod
    "UDP Query User{0AA9864C-5948-48B7-90D5-53B109DEB05D}C:\\program files\\sopcast\\sopvod.exe"= TCP:C:\program files\sopcast\sopvod.exe:sopvod
    "{5C4EE88A-72C1-4B50-81CF-8C175741DF47}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{6FB67D6C-B89C-4C19-840C-AD546EAAF6D7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "TCP Query User{033955B6-BFD2-4257-AAA6-B4DE818A13CE}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
    "UDP Query User{C24EE2F7-0BE1-4192-BAC9-07950304299A}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
    "{4657367F-A147-4B3A-B1EF-07A403F4388C}"= UDP:C:\Program Files\PoivY.com\PoivY\PoivY.exe:PoivY
    "{F0D849F0-262D-4DC7-BA7E-683014A405C0}"= TCP:C:\Program Files\PoivY.com\PoivY\PoivY.exe:PoivY
    "{7FC335FC-E3BA-44BC-B00E-E2E98395AE14}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{97E87FA9-6821-403C-ADDB-F05A146B00D4}C:\\program files\\dassault systemes\\b16\\intel_a\\code\\bin\\orbixd.exe"= UDP:C:\program files\dassault systemes\b16\intel_a\code\bin\orbixd.exe:orbixd
    "UDP Query User{055966C2-852D-44F3-B0A5-7AD3E5B711A7}C:\\program files\\dassault systemes\\b16\\intel_a\\code\\bin\\orbixd.exe"= TCP:C:\program files\dassault systemes\b16\intel_a\code\bin\orbixd.exe:orbixd
    "TCP Query User{FC916EC6-C6C4-47C7-B000-23A7E4D38434}C:\\program files\\dassault systemes\\b16\\intel_a\\code\\bin\\cnext.exe"= UDP:C:\program files\dassault systemes\b16\intel_a\code\bin\cnext.exe:CATIA
    "UDP Query User{CD9F2EDD-804D-4F3A-AFD4-C342E99105D9}C:\\program files\\dassault systemes\\b16\\intel_a\\code\\bin\\cnext.exe"= TCP:C:\program files\dassault systemes\b16\intel_a\code\bin\cnext.exe:CATIA
    "{1DE1DD62-ECE9-4BBD-858D-6A1157F1981C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{65F59B1A-A93F-42EB-AAAA-3094B2B055AD}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080425.001\IDSvix86.sys [2008-03-20 16:37]
    R2 BBDemon;Backbone Service;"C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" -service []
    R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 05:39]
    R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
    R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 04:44]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-02-05 15:34]
    S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 15:43]
    S3 LUMDriver;LUMDriver;C:\Windows\system32\drivers\LUMDriver.sys [2003-07-11 09:22]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48f8c523-c39f-11db-a9cf-001636cea027}]
    \shell\Auto\command - F:\Cn911.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Cn911.exe

    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-27 16:38:19 C:\Windows\Tasks\ErrorSmart Scheduled Scan.job"
    - C:\Program Files\ErrorSmart\ErrorSmart.ex
    - C:\Program Files\ErrorSmart.Claude+Runs ErrorSmart to optimize your registry.
    "2008-04-26 18:43:53 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Claude.job"
    - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-27 14:34:26
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 19

    **************************************************************************
    .
    Completion time: 2008-04-27 14:40:53
    ComboFix-quarantined-files.txt 2008-04-27 18:40:43

    The system cannot find message text for message number 0x2379 in the message file for Application.
    The system cannot find message text for message number 0x2379 in the message file for Application.

    312 --- E O F --- 2008-04-26 14:53:07
    0