Pop ups.
Closed
masaclaude
-
27 April 2008 at 19:19
masaclaude Posts 15 Registration date Thursday 7 June 2007 Status Member Last contribution 20 December 2008 - 27 April 2008 at 21:33
1 reply
masaclaude
Posts: 15
Registration date: Thursday 7 June 2007
Status: Member
Last contribution: 20 December 2008
27 April 2008 at 21:33
I searched the forum and came across ComboFix; I followed the instructions, and here is the ComboFix report.
I hope I will receive your reply soon.
ComboFix 08-04-26.5 - Claude 2008-04-27 14:26:31.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.246 [GMT -4:00]
Running from: C:\Users\Claude\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Starware408
C:\Program Files\Starware408\icons\star_16.ico
C:\Program Files\Starware408\Starware408Config.xml
C:\Program Files\Starware408\Starware408Uninstall.exe
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\ProgramData\Starware408
C:\ProgramData\Starware408\buttons\1223_button_1b_def.bmp
C:\ProgramData\Starware408\buttons\1223_button_1b_over.bmp
C:\ProgramData\Starware408\buttons\1229_button_1b_def.bmp
C:\ProgramData\Starware408\buttons\1229_button_1b_over.bmp
C:\ProgramData\Starware408\buttons\Button_50.bmp
C:\ProgramData\Starware408\buttons\Button_60.bmp
C:\ProgramData\Starware408\buttons\Button_70.bmp
C:\ProgramData\Starware408\buttons\FindIt.bmp
C:\ProgramData\Starware408\buttons\FindItHot.bmp
C:\ProgramData\Starware408\buttons\findithotxp.png
C:\ProgramData\Starware408\buttons\finditxp.png
C:\ProgramData\Starware408\buttons\logo.bmp
C:\ProgramData\Starware408\buttons\logoxp.bmp
C:\ProgramData\Starware408\buttons\Weather.bmp
C:\ProgramData\Starware408\buttons\WeatherHot.bmp
C:\ProgramData\Starware408\buttons\weatherhotxp.png
C:\ProgramData\Starware408\buttons\weatherxp.png
C:\ProgramData\Starware408\contexts\error.xml
C:\ProgramData\Starware408\contexts\related.xml
C:\ProgramData\Starware408\contexts\travel.xml
C:\ProgramData\Starware408\images\clear.bmp
C:\ProgramData\Starware408\images\walertXP.bmp
----- BITS: Possible infected sites -----
hxxp://ceement.rssx.hp.com
.
((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 16:38 --------- d-----w C:\Users\Claude\AppData\Roaming\ErrorSmart
2008-04-27 15:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-27 05:12 19,872 ----a-w C:\Users\Claude\AppData\Roaming\nvModes.dat
2008-04-26 17:09 --------- d-----w C:\ProgramData\Symantec
2008-04-26 17:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-26 16:36 --------- d-----w C:\Users\Claude\AppData\Roaming\Symantec
2008-04-26 16:33 --------- d-----w C:\Program Files\Norton Internet Security
2008-04-26 16:32 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-04-26 16:32 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-04-26 16:32 10,563 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-04-26 16:32 --------- d-----w C:\Program Files\Symantec
2008-04-26 15:41 --------- d-----w C:\ProgramData\Symantec Temporary Files
2008-04-26 14:55 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-26 14:55 --------- d-----w C:\Program Files\Windows Mail
2008-04-26 14:53 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-26 09:10 --------- d-----w C:\Program Files\Alwil Software
2008-04-16 18:25 29,952 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
2008-04-07 00:58 --------- d-----w C:\Program Files\SopCast
2008-04-06 14:30 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-31 02:36 --------- d-----w C:\Program Files\iTunes
2008-03-31 02:36 --------- d-----w C:\Program Files\iPod
2008-03-31 02:23 --------- d-----w C:\Program Files\LimeWire
2008-03-26 00:06 --------- d-----w C:\ProgramData\DassaultSystemes
2008-03-22 03:52 --------- d-----w C:\Program Files\Dassault Systemes
2008-03-07 21:02 --------- d-----w C:\Program Files\epson
2008-03-07 01:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-03-04 23:55 --------- d-----w C:\Program Files\Softland
2008-03-04 23:47 253,116 ----a-w C:\Windows\PDFCreator_Toolbar_Uninstaller_4568.exe
2008-03-04 23:47 --------- d-----w C:\Program Files\PDFCreator Toolbar
2008-03-04 23:47 --------- d-----w C:\Program Files\PDFCreator
2008-03-03 18:40 --------- d-----w C:\Program Files\NCH Swift Sound
2008-03-03 18:14 --------- d-----w C:\ProgramData\Autodesk
2008-03-02 17:00 --------- d-----w C:\Users\Claude\AppData\Roaming\DassaultSystemes
2008-03-02 08:04 --------- d-----w C:\Program Files\Windows Live
2008-02-29 23:31 --------- d-----w C:\Program Files\Learning Essentials
2008-02-29 19:26 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-29 16:58 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-29 16:54 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-29 16:37 --------- d-----w C:\ProgramData\WLInstaller
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 02:32 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 02:32 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 02:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 02:32 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 02:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-01 16:11 586,240 ----a-w C:\Windows\WLXPGSS.SCR
2007-12-06 19:49 32 ----a-w C:\Users\All Users\ezsid.dat
2007-12-06 19:49 32 ----a-w C:\ProgramData\ezsid.dat
2007-09-01 16:58 174 --sha-w C:\Program Files\desktop.ini
2007-08-18 02:22 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-08-18 02:22 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-08-18 02:22 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-02-07 00:05 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-26 12:29 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll" [2008-02-07 00:05 349552]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-02-07 00:05 349552]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 17:32 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWEReboot"="" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 01:14 833072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-21 06:11 77824]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 00:25 90191]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 00:25 81920]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 00:25 7766016]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 21:47 51048]
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM246ee76a]
C:\Users\Claude\AppData\Local\Temp\spdyejti.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
--------- 2008-04-25 20:00 281088 C:\Users\Claude\AppData\Local\Temp\nnnlmLfF.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2006-10-18 13:32 472800 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-07-31 18:44 271672 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_3918854]
--a------ 2006-06-13 12:11 351000 C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-11-06 14:58 159744 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2006-12-02 20:32 167936 C:\Program Files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-05-27 19:01 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
--a------ 2007-07-02 13:24 7394608 C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-04-12 10:01 1006264 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 08:36 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-07-16 15:17 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9257FA5E-3DB8-4481-99EA-B47A38702D36}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{0D8EA2D3-9BE9-4D81-A976-3E85C8A38AEF}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{FC0D3F8C-4FB3-46B1-96F2-B43EDEC4A758}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{AAF8EF7A-0E7C-4D05-9753-85AAEA97D472}"= C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections:Compaq Connections
"{946A479A-F395-4E4F-9E31-2D27D65115A3}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{38784E67-63A9-4AF9-9918-9B2BB3AB977E}"= TCP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{1C849C3A-A6B4-4CC4-80CA-CD9CE0036DAB}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{1B5215C4-F369-4416-BF9E-F6E2F0D09A5B}"= TCP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{E40D3E8B-DB6D-4546-8310-BC9B655E2D37}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{488F73E7-E218-4FAD-AF4A-A4E1F31AB0DC}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B37B5199-CD37-42D2-9A70-A2CA94CC5DA5}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2B3B5CE9-C5E7-4A61-B9DD-831BD9ADF0E2}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B5159F96-FE61-46AD-BD1F-78A80378DC01}"= UDP:23813:BitComet 23813 TCP
"{4920E2B4-82BB-4944-9C3D-769C7688C196}"= TCP:23813:BitComet 23813 UDP
"TCP Query User{F63F43AC-3B12-445E-A20E-E02CDF77D91B}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{C8D56D7E-C80C-4066-992F-55438B330D3D}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{33825BB1-3D5C-435D-8BDE-F2464C279C09}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{0585F28B-62ED-4E09-8425-65E5AFB46555}C:\\stubinstaller.exe"= UDP:C:\stubinstaller.exe:LimeWire swarmed installer
"UDP Query User{5E48C32E-EC44-48AD-AE86-76B64BDE2960}C:\\stubinstaller.exe"= TCP:C:\stubinstaller.exe:LimeWire swarmed installer
"{39F500FF-0609-47A5-B9F1-E92EEAE0CBA7}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{0B8DA448-F81D-46EE-9547-4F694B1E74F1}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{71EF411B-6A86-4C20-A48A-F064D06D4641}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{437215F4-6032-45FB-8096-AD8684AD616C}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{CB3B34E2-75C1-4427-9FC1-1B5A4F7DC9AE}C:\\users\\claude\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\claude\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{167C44C4-8853-41A4-8BFE-E12DF45A28F2}C:\\users\\claude\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\claude\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{B2023395-0F69-41B4-8901-86C5425B0274}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{A383CD92-9F27-4118-8D85-0ACD3F7A63AE}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{6B980CF3-3C2C-468F-825E-996A6E41DD87}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{BD8E2B14-A341-4F5F-B75C-35A2BD98549A}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{A94BD2E1-17C0-4FBE-BCAF-44C8BAD1908F}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{7856D159-5F5A-4CE2-BB07-F92832176BA9}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{643DC6C8-B8C3-4D35-B1A2-4B07FDB509BB}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{A7730E66-A938-4101-9E79-5D71EFB78058}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{4F9205AA-3367-4EE4-9B1B-75610FDA2319}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{93F94556-74E5-4C47-94AE-8FDF3C7BC133}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{23F51E85-6783-421B-911B-70D321BF1502}C:\\program files\\maple 10\\jre\\bin\\java.exe"= UDP:C:\program files\maple 10\jre\bin\java.exe:java
"UDP Query User{854D34CD-7358-4BE9-94ED-B8E3C8D7ACA8}C:\\program files\\maple 10\\jre\\bin\\java.exe"= TCP:C:\program files\maple 10\jre\bin\java.exe:java
"TCP Query User{9DAA784F-1A97-46A9-9418-0C904AFA19E7}C:\\program files\\maple 10\\jre\\bin\\maple.exe"= UDP:C:\program files\maple 10\jre\bin\maple.exe:maple
"UDP Query User{03328B7C-A208-40B2-800A-7EAAC61AF12E}C:\\program files\\maple 10\\jre\\bin\\maple.exe"= TCP:C:\program files\maple 10\jre\bin\maple.exe:maple
"{0DFBAF16-D929-41AF-B3C2-BD34B2A6A6C3}"= UDP:23813:BitComet 23813 TCP
"{82C0B3B8-7ACF-4F13-83B2-CAA5F11A3D63}"= TCP:23813:BitComet 23813 UDP
"TCP Query User{C7B8DCC0-09EF-4114-857D-70A9702974B9}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{C77C9789-8150-4CC2-B937-651D2B7A6BB5}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{87F33A32-B784-4254-A1D9-066EBA1C2506}C:\\users\\claude\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\claude\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{50EC9824-F301-4125-BB3A-DBE5B0CC12F5}C:\\users\\claude\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\claude\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{251C980B-7936-4516-822A-BD75F3294C63}C:\\program files\\rhapsody\\rhapsody.exe"= UDP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"UDP Query User{67634E46-42BF-40B7-8D9D-EC14D9426466}C:\\program files\\rhapsody\\rhapsody.exe"= TCP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"{D5D94E50-8A98-4C83-84FC-1FA4D7D6A5AB}"= UDP:C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt
"{B01C4154-80C9-4D2A-8FE0-D9FE5A71E95B}"= TCP:C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt
"TCP Query User{6D5905EF-3133-436C-A608-BD21C8E5E5DA}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{14B9F3F5-039F-421F-B893-7808671BF89C}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{E98541F7-9FC1-400E-B51A-5E04FAAC999E}C:\\program files\\apache group\\apache2\\bin\\apache.exe"= UDP:C:\program files\apache group\apache2\bin\apache.exe:Apache HTTP Server
"UDP Query User{245A1BCB-E679-44C9-B782-6483931971AC}C:\\program files\\apache group\\apache2\\bin\\apache.exe"= TCP:C:\program files\apache group\apache2\bin\apache.exe:Apache HTTP Server
"{A9A2F8FF-A526-485A-9AB4-FEBD3D282899}"= UDP:C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
"{412293C4-FB88-46CF-87D6-0A27613D844E}"= TCP:C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
"{DD46375E-8FAF-4C29-9C4F-A6ECC63BCE3C}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{9956F3ED-5918-4EBF-A5B7-15972DF5A550}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{ACDF7209-5729-4426-9E53-2DDBE14C45BD}C:\\downloads\\emule 0.48a\\emule\\emule.exe"= UDP:C:\downloads\emule 0.48a\emule\emule.exe:eMule
"UDP Query User{7A09D7B2-CCA8-4F05-A905-3D9EB0F74528}C:\\downloads\\emule 0.48a\\emule\\emule.exe"= TCP:C:\downloads\emule 0.48a\emule\emule.exe:eMule
"TCP Query User{7B43C98B-553D-4A7F-86E1-A4167D6C26AE}C:\\users\\claude\\appdata\\local\\temp\\temp1_emule0.48a[1].zip\\emule0.48a\\emule.exe"= UDP:C:\users\claude\appdata\local\temp\temp1_emule0.48a[1].zip\emule0.48a\emule.exe:emule.exe
"UDP Query User{8B0FB110-CD82-47CE-B41C-93E61DBCC8C7}C:\\users\\claude\\appdata\\local\\temp\\temp1_emule0.48a[1].zip\\emule0.48a\\emule.exe"= TCP:C:\users\claude\appdata\local\temp\temp1_emule0.48a[1].zip\emule0.48a\emule.exe:emule.exe
"{B293F821-319B-4F19-9BE2-A85DECFC6680}"= UDP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"{F6CADF11-D19C-4549-B494-105A527FFE6D}"= TCP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"{C6A1B8A6-ADC1-49F8-A5E6-06CC8797ACDC}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{214DC07B-E9DD-4BC5-A5F2-0A2C4EA4815E}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{64CCD189-AF5D-4968-AAC4-28783751EF6E}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{D107C76D-4E83-4D44-B281-7840646D36EF}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{4CFD00F5-FB87-4BE0-BE2B-5BB4DEAAC477}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9594DBAA-DE99-40F6-A09F-BD43CF214628}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{25BE74DB-C1E0-4977-914D-9AE8C3037AE8}C:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= UDP:C:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
"UDP Query User{DB35F8AB-C752-4AD2-A92C-045F8C93A09A}C:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= TCP:C:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
"TCP Query User{3614789C-D706-47D0-A59A-F9943EBD0584}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{CC0BC0BB-C34A-42E4-BDBA-8E190B86067C}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{525514F4-0B52-4ADD-9D9F-08D1DF542270}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{B7585B18-5C7C-4DE7-BB4D-A501D5B2EB7C}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{D582EBB5-CFA4-47BF-8FB5-65FFCFA04070}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{642D3AC3-05CE-41FC-A532-60C38D4D9875}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{B5A4A7D5-19FD-42FF-9E8C-3B171F7FA902}C:\\program files\\sopcast\\sopvod.exe"= UDP:C:\program files\sopcast\sopvod.exe:sopvod
"UDP Query User{0AA9864C-5948-48B7-90D5-53B109DEB05D}C:\\program files\\sopcast\\sopvod.exe"= TCP:C:\program files\sopcast\sopvod.exe:sopvod
"{5C4EE88A-72C1-4B50-81CF-8C175741DF47}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{6FB67D6C-B89C-4C19-840C-AD546EAAF6D7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{033955B6-BFD2-4257-AAA6-B4DE818A13CE}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{C24EE2F7-0BE1-4192-BAC9-07950304299A}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{4657367F-A147-4B3A-B1EF-07A403F4388C}"= UDP:C:\Program Files\PoivY.com\PoivY\PoivY.exe:PoivY
"{F0D849F0-262D-4DC7-BA7E-683014A405C0}"= TCP:C:\Program Files\PoivY.com\PoivY\PoivY.exe:PoivY
"{7FC335FC-E3BA-44BC-B00E-E2E98395AE14}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{97E87FA9-6821-403C-ADDB-F05A146B00D4}C:\\program files\\dassault systemes\\b16\\intel_a\\code\\bin\\orbixd.exe"= UDP:C:\program files\dassault systemes\b16\intel_a\code\bin\orbixd.exe:orbixd
"UDP Query User{055966C2-852D-44F3-B0A5-7AD3E5B711A7}C:\\program files\\dassault systemes\\b16\\intel_a\\code\\bin\\orbixd.exe"= TCP:C:\program files\dassault systemes\b16\intel_a\code\bin\orbixd.exe:orbixd
"TCP Query User{FC916EC6-C6C4-47C7-B000-23A7E4D38434}C:\\program files\\dassault systemes\\b16\\intel_a\\code\\bin\\cnext.exe"= UDP:C:\program files\dassault systemes\b16\intel_a\code\bin\cnext.exe:CATIA
"UDP Query User{CD9F2EDD-804D-4F3A-AFD4-C342E99105D9}C:\\program files\\dassault systemes\\b16\\intel_a\\code\\bin\\cnext.exe"= TCP:C:\program files\dassault systemes\b16\intel_a\code\bin\cnext.exe:CATIA
"{1DE1DD62-ECE9-4BBD-858D-6A1157F1981C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{65F59B1A-A93F-42EB-AAAA-3094B2B055AD}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080425.001\IDSvix86.sys [2008-03-20 16:37]
R2 BBDemon;Backbone Service;"C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" -service []
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 05:39]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 04:44]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-02-05 15:34]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 15:43]
S3 LUMDriver;LUMDriver;C:\Windows\system32\drivers\LUMDriver.sys [2003-07-11 09:22]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48f8c523-c39f-11db-a9cf-001636cea027}]
\shell\Auto\command - F:\Cn911.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Cn911.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-27 16:38:19 C:\Windows\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart.Claude+Runs ErrorSmart to optimize your registry.
"2008-04-26 18:43:53 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Claude.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 14:34:26
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 19
**************************************************************************
.
Completion time: 2008-04-27 14:40:53
ComboFix-quarantined-files.txt 2008-04-27 18:40:43
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
312 --- E O F --- 2008-04-26 14:53:07
2007-08-18 02:22 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-08-18 02:22 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-02-07 00:05 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-26 12:29 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll" [2008-02-07 00:05 349552]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-02-07 00:05 349552]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 17:32 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWEReboot"="" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 01:14 833072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-21 06:11 77824]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 00:25 90191]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 00:25 81920]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 00:25 7766016]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 21:47 51048]
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM246ee76a]
C:\Users\Claude\AppData\Local\Temp\spdyejti.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
--------- 2008-04-25 20:00 281088 C:\Users\Claude\AppData\Local\Temp\nnnlmLfF.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2006-10-18 13:32 472800 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-07-31 18:44 271672 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_3918854]
--a------ 2006-06-13 12:11 351000 C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-11-06 14:58 159744 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2006-12-02 20:32 167936 C:\Program Files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-05-27 19:01 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
--a------ 2007-07-02 13:24 7394608 C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-04-12 10:01 1006264 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 08:36 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-07-16 15:17 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9257FA5E-3DB8-4481-99EA-B47A38702D36}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{0D8EA2D3-9BE9-4D81-A976-3E85C8A38AEF}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{FC0D3F8C-4FB3-46B1-96F2-B43EDEC4A758}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{AAF8EF7A-0E7C-4D05-9753-85AAEA97D472}"= C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections:Compaq Connections
"{946A479A-F395-4E4F-9E31-2D27D65115A3}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{38784E67-63A9-4AF9-9918-9B2BB3AB977E}"= TCP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{1C849C3A-A6B4-4CC4-80CA-CD9CE0036DAB}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{1B5215C4-F369-4416-BF9E-F6E2F0D09A5B}"= TCP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{E40D3E8B-DB6D-4546-8310-BC9B655E2D37}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{488F73E7-E218-4FAD-AF4A-A4E1F31AB0DC}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B37B5199-CD37-42D2-9A70-A2CA94CC5DA5}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2B3B5CE9-C5E7-4A61-B9DD-831BD9ADF0E2}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B5159F96-FE61-46AD-BD1F-78A80378DC01}"= UDP:23813:BitComet 23813 TCP
"{4920E2B4-82BB-4944-9C3D-769C7688C196}"= TCP:23813:BitComet 23813 UDP
"TCP Query User{F63F43AC-3B12-445E-A20E-E02CDF77D91B}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{C8D56D7E-C80C-4066-992F-55438B330D3D}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{33825BB1-3D5C-435D-8BDE-F2464C279C09}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{0585F28B-62ED-4E09-8425-65E5AFB46555}C:\\stubinstaller.exe"= UDP:C:\stubinstaller.exe:LimeWire swarmed installer
"UDP Query User{5E48C32E-EC44-48AD-AE86-76B64BDE2960}C:\\stubinstaller.exe"= TCP:C:\stubinstaller.exe:LimeWire swarmed installer
"{39F500FF-0609-47A5-B9F1-E92EEAE0CBA7}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{0B8DA448-F81D-46EE-9547-4F694B1E74F1}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{71EF411B-6A86-4C20-A48A-F064D06D4641}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{437215F4-6032-45FB-8096-AD8684AD616C}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{CB3B34E2-75C1-4427-9FC1-1B5A4F7DC9AE}C:\\users\\claude\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\claude\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{167C44C4-8853-41A4-8BFE-E12DF45A28F2}C:\\users\\claude\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\claude\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{B2023395-0F69-41B4-8901-86C5425B0274}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{A383CD92-9F27-4118-8D85-0ACD3F7A63AE}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{6B980CF3-3C2C-468F-825E-996A6E41DD87}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{BD8E2B14-A341-4F5F-B75C-35A2BD98549A}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{A94BD2E1-17C0-4FBE-BCAF-44C8BAD1908F}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{7856D159-5F5A-4CE2-BB07-F92832176BA9}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{643DC6C8-B8C3-4D35-B1A2-4B07FDB509BB}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{A7730E66-A938-4101-9E79-5D71EFB78058}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{4F9205AA-3367-4EE4-9B1B-75610FDA2319}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{93F94556-74E5-4C47-94AE-8FDF3C7BC133}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{23F51E85-6783-421B-911B-70D321BF1502}C:\\program files\\maple 10\\jre\\bin\\java.exe"= UDP:C:\program files\maple 10\jre\bin\java.exe:java
"UDP Query User{854D34CD-7358-4BE9-94ED-B8E3C8D7ACA8}C:\\program files\\maple 10\\jre\\bin\\java.exe"= TCP:C:\program files\maple 10\jre\bin\java.exe:java
"TCP Query User{9DAA784F-1A97-46A9-9418-0C904AFA19E7}C:\\program files\\maple 10\\jre\\bin\\maple.exe"= UDP:C:\program files\maple 10\jre\bin\maple.exe:maple
"UDP Query User{03328B7C-A208-40B2-800A-7EAAC61AF12E}C:\\program files\\maple 10\\jre\\bin\\maple.exe"= TCP:C:\program files\maple 10\jre\bin\maple.exe:maple
"{0DFBAF16-D929-41AF-B3C2-BD34B2A6A6C3}"= UDP:23813:BitComet 23813 TCP
"{82C0B3B8-7ACF-4F13-83B2-CAA5F11A3D63}"= TCP:23813:BitComet 23813 UDP
"TCP Query User{C7B8DCC0-09EF-4114-857D-70A9702974B9}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{C77C9789-8150-4CC2-B937-651D2B7A6BB5}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{87F33A32-B784-4254-A1D9-066EBA1C2506}C:\\users\\claude\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\claude\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{50EC9824-F301-4125-BB3A-DBE5B0CC12F5}C:\\users\\claude\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\claude\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{251C980B-7936-4516-822A-BD75F3294C63}C:\\program files\\rhapsody\\rhapsody.exe"= UDP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"UDP Query User{67634E46-42BF-40B7-8D9D-EC14D9426466}C:\\program files\\rhapsody\\rhapsody.exe"= TCP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"{D5D94E50-8A98-4C83-84FC-1FA4D7D6A5AB}"= UDP:C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt
"{B01C4154-80C9-4D2A-8FE0-D9FE5A71E95B}"= TCP:C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt
"TCP Query User{6D5905EF-3133-436C-A608-BD21C8E5E5DA}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{14B9F3F5-039F-421F-B893-7808671BF89C}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{E98541F7-9FC1-400E-B51A-5E04FAAC999E}C:\\program files\\apache group\\apache2\\bin\\apache.exe"= UDP:C:\program files\apache group\apache2\bin\apache.exe:Apache HTTP Server
"UDP Query User{245A1BCB-E679-44C9-B782-6483931971AC}C:\\program files\\apache group\\apache2\\bin\\apache.exe"= TCP:C:\program files\apache group\apache2\bin\apache.exe:Apache HTTP Server
"{A9A2F8FF-A526-485A-9AB4-FEBD3D282899}"= UDP:C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
"{412293C4-FB88-46CF-87D6-0A27613D844E}"= TCP:C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
"{DD46375E-8FAF-4C29-9C4F-A6ECC63BCE3C}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{9956F3ED-5918-4EBF-A5B7-15972DF5A550}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{ACDF7209-5729-4426-9E53-2DDBE14C45BD}C:\\downloads\\emule 0.48a\\emule\\emule.exe"= UDP:C:\downloads\emule 0.48a\emule\emule.exe:eMule
"UDP Query User{7A09D7B2-CCA8-4F05-A905-3D9EB0F74528}C:\\downloads\\emule 0.48a\\emule\\emule.exe"= TCP:C:\downloads\emule 0.48a\emule\emule.exe:eMule
"TCP Query User{7B43C98B-553D-4A7F-86E1-A4167D6C26AE}C:\\users\\claude\\appdata\\local\\temp\\temp1_emule0.48a[1].zip\\emule0.48a\\emule.exe"= UDP:C:\users\claude\appdata\local\temp\temp1_emule0.48a[1].zip\emule0.48a\emule.exe:emule.exe
"UDP Query User{8B0FB110-CD82-47CE-B41C-93E61DBCC8C7}C:\\users\\claude\\appdata\\local\\temp\\temp1_emule0.48a[1].zip\\emule0.48a\\emule.exe"= TCP:C:\users\claude\appdata\local\temp\temp1_emule0.48a[1].zip\emule0.48a\emule.exe:emule.exe
"{B293F821-319B-4F19-9BE2-A85DECFC6680}"= UDP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"{F6CADF11-D19C-4549-B494-105A527FFE6D}"= TCP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"{C6A1B8A6-ADC1-49F8-A5E6-06CC8797ACDC}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{214DC07B-E9DD-4BC5-A5F2-0A2C4EA4815E}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{64CCD189-AF5D-4968-AAC4-28783751EF6E}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{D107C76D-4E83-4D44-B281-7840646D36EF}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{4CFD00F5-FB87-4BE0-BE2B-5BB4DEAAC477}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9594DBAA-DE99-40F6-A09F-BD43CF214628}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{25BE74DB-C1E0-4977-914D-9AE8C3037AE8}C:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= UDP:C:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
"UDP Query User{DB35F8AB-C752-4AD2-A92C-045F8C93A09A}C:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= TCP:C:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
"TCP Query User{3614789C-D706-47D0-A59A-F9943EBD0584}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{CC0BC0BB-C34A-42E4-BDBA-8E190B86067C}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{525514F4-0B52-4ADD-9D9F-08D1DF542270}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{B7585B18-5C7C-4DE7-BB4D-A501D5B2EB7C}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{D582EBB5-CFA4-47BF-8FB5-65FFCFA04070}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{642D3AC3-05CE-41FC-A532-60C38D4D9875}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{B5A4A7D5-19FD-42FF-9E8C-3B171F7FA902}C:\\program files\\sopcast\\sopvod.exe"= UDP:C:\program files\sopcast\sopvod.exe:sopvod
"UDP Query User{0AA9864C-5948-48B7-90D5-53B109DEB05D}C:\\program files\\sopcast\\sopvod.exe"= TCP:C:\program files\sopcast\sopvod.exe:sopvod
"{5C4EE88A-72C1-4B50-81CF-8C175741DF47}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{6FB67D6C-B89C-4C19-840C-AD546EAAF6D7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{033955B6-BFD2-4257-AAA6-B4DE818A13CE}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{C24EE2F7-0BE1-4192-BAC9-07950304299A}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{4657367F-A147-4B3A-B1EF-07A403F4388C}"= UDP:C:\Program Files\PoivY.com\PoivY\PoivY.exe:PoivY
"{F0D849F0-262D-4DC7-BA7E-683014A405C0}"= TCP:C:\Program Files\PoivY.com\PoivY\PoivY.exe:PoivY
"{7FC335FC-E3BA-44BC-B00E-E2E98395AE14}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{97E87FA9-6821-403C-ADDB-F05A146B00D4}C:\\program files\\dassault systemes\\b16\\intel_a\\code\\bin\\orbixd.exe"= UDP:C:\program files\dassault systemes\b16\intel_a\code\bin\orbixd.exe:orbixd
"UDP Query User{055966C2-852D-44F3-B0A5-7AD3E5B711A7}C:\\program files\\dassault systemes\\b16\\intel_a\\code\\bin\\orbixd.exe"= TCP:C:\program files\dassault systemes\b16\intel_a\code\bin\orbixd.exe:orbixd
"TCP Query User{FC916EC6-C6C4-47C7-B000-23A7E4D38434}C:\\program files\\dassault systemes\\b16\\intel_a\\code\\bin\\cnext.exe"= UDP:C:\program files\dassault systemes\b16\intel_a\code\bin\cnext.exe:CATIA
"UDP Query User{CD9F2EDD-804D-4F3A-AFD4-C342E99105D9}C:\\program files\\dassault systemes\\b16\\intel_a\\code\\bin\\cnext.exe"= TCP:C:\program files\dassault systemes\b16\intel_a\code\bin\cnext.exe:CATIA
"{1DE1DD62-ECE9-4BBD-858D-6A1157F1981C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{65F59B1A-A93F-42EB-AAAA-3094B2B055AD}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080425.001\IDSvix86.sys [2008-03-20 16:37]
R2 BBDemon;Backbone Service;"C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" -service []
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 05:39]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 04:44]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-02-05 15:34]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 15:43]
S3 LUMDriver;LUMDriver;C:\Windows\system32\drivers\LUMDriver.sys [2003-07-11 09:22]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48f8c523-c39f-11db-a9cf-001636cea027}]
\shell\Auto\command - F:\Cn911.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Cn911.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-27 16:38:19 C:\Windows\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart.Claude+Runs ErrorSmart to optimize your registry.
"2008-04-26 18:43:53 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Claude.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 14:34:26
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 19
**************************************************************************
.
Completion time: 2008-04-27 14:40:53
ComboFix-quarantined-files.txt 2008-04-27 18:40:43
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
312 --- E O F --- 2008-04-26 14:53:07