
Folders turned into shortcuts


  • This topic is locked
2 replies to this topic

#1 Meemz

Meemz

  • Members
  • 1 posts
  • OFFLINE
  • Local time:09:10 AM

Posted 18 December 2010 - 08:19 AM

Hi,

I wonder if someone can help me.
On my iPod, mobile phone, USB, all my folders have now turned into shortcuts and I cannot access any of those folders. Once I click the folder I always get a message saying "The item voahesx.exe that this shortcut refers to has been changed or moved". I did an Avast scan but it did not solve the problem so I used ComboFix.

This problem comes from a friend's computer; we once used his USB drive and he infected my computer and another friend's computer.

Here's my ComboFix report, I hope you can help me with the problem. I thought of formatting my PC but when I use my external hard drive to save my folders, it will also be infected so it will not solve the problem.

ComboFix 10-12-17.02 - Admin 18/12/2010 12:40:06.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.953.438 [GMT 0:00]
Lancé depuis: d:\documents and settings\Admin\Bureau\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\Admin\Cookies.lnk
d:\documents and settings\Admin\joateox.exe
d:\documents and settings\Admin\shlob.exe
d:\documents and settings\All Users\Application Data\hpeF318.dll
d:\program files\msvbvm60.dll
d:\windows\system32\AutoRun.inf
d:\windows\system32\kr_done1
d:\windows\system32\sshnas21.dll
d:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((((((( Fichiers créés du 2010-11-18 au 2010-12-18 ))))))))))))))))))))))))))))))))))))
.

2010-12-18 11:19 . 2010-09-07 14:52 165584 ----a-w- d:\windows\system32\drivers\aswSP.sys
2010-12-18 11:19 . 2010-09-07 14:47 17744 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2010-12-18 11:19 . 2010-09-07 14:47 23376 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2010-12-18 11:19 . 2010-09-07 14:52 46672 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2010-12-18 11:19 . 2010-09-07 14:47 100176 ----a-w- d:\windows\system32\drivers\aswmon2.sys
2010-12-18 11:19 . 2010-09-07 14:47 94544 ----a-w- d:\windows\system32\drivers\aswmon.sys
2010-12-18 11:19 . 2010-09-07 14:46 28880 ----a-w- d:\windows\system32\drivers\aavmker4.sys
2010-12-18 11:19 . 2010-09-07 15:12 38848 ----a-w- d:\windows\avastSS.scr
2010-12-18 11:19 . 2010-09-07 15:11 167592 ----a-w- d:\windows\system32\aswBoot.exe
2010-12-18 11:18 . 2010-12-18 11:18 -------- d-----w- d:\documents and settings\All Users\Application Data\Alwil Software
2010-12-18 11:17 . 2010-12-18 07:29 230912 ----a-w- d:\windows\Xbycad.exe
2010-12-18 07:28 . 2010-12-17 19:45 230912 ----a-w- d:\windows\Xbycac.exe
2010-12-17 20:29 . 2010-12-17 19:45 230912 ----a-w- d:\windows\Xbycab.exe
2010-12-17 20:21 . 2010-12-17 20:21 -------- d-----w- d:\program files\Ad-Remover
2010-12-16 09:51 . 2010-12-03 19:50 25048 ----a-w- d:\program files\Mozilla Firefox\components\browserdirprovider.dll
2010-12-16 09:51 . 2010-12-03 19:50 140248 ----a-w- d:\program files\Mozilla Firefox\components\brwsrcmp.dll
2010-12-16 09:51 . 2010-12-03 19:50 11775448 ----a-w- d:\program files\Mozilla Firefox\xul.dll
2010-12-16 09:51 . 2010-12-03 19:50 89048 ----a-w- d:\program files\Mozilla Firefox\nssutil3.dll
2010-12-16 09:51 . 2010-12-03 19:50 719832 ----a-w- d:\program files\Mozilla Firefox\mozcrt19.dll
2010-12-16 09:51 . 2010-12-03 19:50 719832 ----a-w- d:\program files\Mozilla Firefox\mozcpp19.dll
2010-12-16 09:51 . 2010-12-03 19:50 492504 ----a-w- d:\program files\Mozilla Firefox\sqlite3.dll
2010-12-16 09:51 . 2010-12-03 19:50 16856 ----a-w- d:\program files\Mozilla Firefox\plugin-container.exe
2010-12-16 09:51 . 2010-12-03 19:50 107480 ----a-w- d:\program files\Mozilla Firefox\crashreporter.exe
2010-12-16 09:51 . 2010-12-03 17:36 98304 ----a-w- d:\program files\Mozilla Firefox\nssdbm3.dll
2010-12-15 20:55 . 2010-12-15 21:02 -------- d-----w- d:\documents and settings\Admin\Local Settings\Application Data\Deployment
2010-12-13 12:09 . 2010-12-13 12:09 -------- d-----w- d:\program files\Fichiers communs\Skype

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 17:23 . 2010-08-25 17:23 83456 ----a-w- d:\program files\olepro32.dll
2010-08-25 17:23 . 2010-08-25 17:23 553472 ----a-w- d:\program files\oleaut32.dll
2010-08-25 17:23 . 2010-08-25 17:23 118784 ----a-w- d:\program files\MSSTDFMT.DLL
2010-08-25 17:23 . 2010-08-25 17:23 526848 ----a-w- d:\program files\hhctrl.ocx
2010-08-25 17:23 . 2010-08-25 17:23 407104 ----a-w- d:\program files\MSHFLXGD.OCX
2010-08-25 17:23 . 2010-08-25 17:23 143872 ----a-w- d:\program files\itircl.dll
2010-08-25 17:23 . 2010-08-25 17:23 134144 ----a-w- d:\program files\itss.dll
2010-08-25 17:23 . 2010-08-25 17:23 65024 ----a-w- d:\program files\asycfilt.dll
2010-08-25 17:23 . 2010-08-25 17:23 22288 ----a-w- d:\program files\COMCAT.DLL
2010-08-25 17:23 . 2010-08-25 17:23 152848 ----a-w- d:\program files\Comdlg32.ocx
2010-08-25 17:23 . 2010-08-25 17:23 114688 ----a-w- d:\program files\AnyBouton.ocx
2010-08-25 17:23 . 2010-08-25 17:23 1081616 ----a-w- d:\program files\MSCOMCTL.OCX
2010-08-25 17:23 . 2010-08-25 17:23 737280 ----a-w- d:\program files\SauvPassV4.exe
.

------- Sigcheck -------

[-] 2009-10-12 . C1E9078170B3AE04D9E729CC152144BD . 1548288 . . [5.1.2600.2180] . . d:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SuperCopier2.exe"="d:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"REVAService"="d:\program files\LG Electronics\LG EV-DO Rev.A USB Modem\Modem Software\REVAService.exe" [2008-12-02 23040]
"UMService"="d:\program files\LG Electronics\Modem USB LG Electronics\UMAService.exe" [2008-05-09 28672]
"Google Update"="d:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-12-15 136176]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Alarm Clock"="d:\program files\PC Alarm Clock\pcalarmclock.exe" [2006-02-02 1254400]
"TkBellExe"="d:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-03-18 202256]
"avast5"="d:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - d:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\D:^Documents and Settings^Admin^Menu Démarrer^Programmes^Démarrage^Dropbox.lnk]
path=d:\documents and settings\Admin\Menu Démarrer\Programmes\Démarrage\Dropbox.lnk
backup=d:\windows\pss\Dropbox.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=d:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- d:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- d:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 22:54 15360 ----a-w- d:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- d:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- d:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-06-05 09:09 170520 ----a-w- d:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-06-05 09:09 150040 ----a-w- d:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2004-09-13 10:51 1450096 ------w- d:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService]
2007-05-18 00:05 37392 ----a-r- d:\program files\Mindjet\MindManager 7\MmReminderService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- d:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2004-11-30 11:36 1945600 ------w- d:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- d:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nitro PDF Printer Monitor]
2007-10-31 20:18 204800 ----a-w- d:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-06-05 09:09 141848 ----a-w- d:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REVAService]
2008-12-02 10:54 23040 ----a-w- d:\program files\LG Electronics\LG EV-DO Rev.A USB Modem\Modem Software\REVAService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 14:41 434176 ----a-w- d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2008-03-24 12:43 884736 ----a-w- d:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2008-04-04 14:09 1044480 ----a-w- d:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-19 21:13 149280 ----a-w- d:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
2009-08-16 19:36 955392 ----a-w- d:\program files\SuperCopier2\SuperCopier2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-18 10:01 202256 ----a-w- d:\program files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UMService]
2008-05-09 18:07 28672 ----a-w- d:\program files\LG Electronics\Modem USB LG Electronics\UMAService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- d:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"d:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"d:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"d:\\Program Files\\Free Download Manager\\fdm.exe"=
"d:\\Program Files\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\IBP 10\\IBP.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SFAUDIO;Sonic Focus DSP Driver;d:\windows\system32\drivers\sfaudio.sys [28/03/2008 09:14 24064]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [18/12/2010 11:19 165584]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;d:\program files\Fichiers communs\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [22/12/2009 02:08 814344]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [18/12/2010 11:19 17744]
R2 DeviceManager;DeviceManager;d:\program files\Fichiers communs\DeviceHelper\DeviceManager.exe -start --> d:\program files\Fichiers communs\DeviceHelper\DeviceManager.exe -start [?]
R2 EmmaDevMgmtSvc;Emma Device Management;d:\program files\Fichiers communs\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [16/12/2009 13:36 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;d:\program files\Fichiers communs\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [16/12/2009 13:36 162936]
R2 OMSI download service;Sony Ericsson OMSI download service;d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [24/01/2010 15:35 90112]
R3 seehcri;Sony Ericsson seehcri Device Driver;d:\windows\system32\drivers\seehcri.sys [14/11/2009 21:31 27632]
S3 bepldr;BCL easyPDF SDK 5 Loader;d:\program files\Fichiers communs\BCL Technologies\easyPDF 5\bepldr.exe [22/08/2007 16:19 151552]
S3 ggflt;SEMC USB Flash Driver Filter;d:\windows\system32\drivers\ggflt.sys [24/01/2010 15:50 13224]
S3 hwusbdev;Huawei DataCard USB PNP Device;d:\windows\system32\drivers\ewusbdev.sys [25/10/2010 01:38 100736]
S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;d:\windows\system32\drivers\qcusbser.sys [27/04/2010 19:36 103552]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);d:\windows\system32\drivers\s0016bus.sys [14/11/2009 21:30 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;d:\windows\system32\drivers\s0016mdfl.sys [14/11/2009 21:30 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;d:\windows\system32\drivers\s0016mdm.sys [14/11/2009 21:30 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);d:\windows\system32\drivers\s0016mgmt.sys [14/11/2009 21:30 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);d:\windows\system32\drivers\s0016nd5.sys [14/11/2009 21:30 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;d:\windows\system32\drivers\s0016obex.sys [14/11/2009 21:30 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);d:\windows\system32\drivers\s0016unic.sys [14/11/2009 21:31 115752]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;d:\windows\system32\drivers\SCR3XX2K.sys [21/06/2007 03:40 56448]
S3 UsbEvdoAtc;LGE EVDO USB Serial Port;d:\windows\system32\drivers\lgevdoatc.sys [08/12/2009 08:24 19840]
S3 usbevdobus;LGE EVDO Composite USB Device;d:\windows\system32\drivers\lgevdobus.sys [08/12/2009 08:24 12800]
S3 UsbEvdoDiag;LGE EVDO USB Serial DM Port;d:\windows\system32\drivers\lgevdodiag.sys [08/12/2009 08:24 19840]
S3 UsbEvdomAtc;LGE EVDOM USB Serial Port;d:\windows\system32\drivers\lgevdomatc.sys [28/04/2010 14:49 19840]
S3 usbevdombus;LGE EVDOM Composite USB Device;d:\windows\system32\drivers\lgevdombus.sys [28/04/2010 14:49 13696]
S3 UsbEvdomDiag;LGE EVDOM USB Serial DM Port;d:\windows\system32\drivers\lgevdomdiag.sys [28/04/2010 14:49 19840]
S3 USBEVDOmModem;LGE EVDOM USB Modem;d:\windows\system32\drivers\lgevdommodem.sys [28/04/2010 14:49 21632]
S3 USBEVDOModem;LGE EVDO USB Modem;d:\windows\system32\drivers\lgevdomodem.sys [08/12/2009 08:24 21632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contenu du dossier 'Tâches planifiées'

2010-12-17 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-854245398-725345543-1003Core.job
- d:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-15 21:02]

2010-12-18 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-854245398-725345543-1003UA.job
- d:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-15 21:02]

2010-12-18 d:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1417001333-854245398-725345543-1003.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2010-12-18 d:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1417001333-854245398-725345543-1003.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2010-12-16 d:\windows\Tasks\winamp.job
- d:\program files\Winamp\winamp.exe [2009-07-01 16:38]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - d:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Tout télécharger avec Free Download Manager - file://d:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://d:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://d:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://d:\program files\Free Download Manager\dlfvideo.htm
FF - ProfilePath - d:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\be1zlgvi.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: United States English Dictionary: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
FF - Ext: RankChecker: rankchecker@seobook.com - %profile%\extensions\rankchecker@seobook.com
FF - Ext: SEO For Firefox: seo4firefox@seobook.com - %profile%\extensions\seo4firefox@seobook.com
FF - Ext: Seo Toolbar: seotoolbar@seobook.com - %profile%\extensions\seotoolbar@seobook.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Java Quick Starter: jqs@sun.com - d:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - d:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
.
------- Associations de fichier -------
.
.reg=Regedit.Document
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-IBP - (no file)
HKCU-Run-VoipBuster - d:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe
HKCU-Run-WMUTray.exe - d:\program files\WakeMeUp\WMUTray.exe
HKCU-Run-joateo - d:\documents and settings\Admin\joateo.exe
HKCU-Run-maeni - d:\documents and settings\Admin\maeni.exe
HKCU-Run-shlob - d:\documents and settings\Admin\shlob.exe
HKLM-Run-WMUAgent.exe - d:\program files\WakeMeUp\WMUAgent.exe
MSConfigStartUp-fklogger - d:\program files\FKRMonitor\fklogger.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-18 12:49
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3996)
d:\windows\system32\btmmhook.dll
d:\program files\Windows Desktop Search\deskbar.dll
d:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
d:\program files\Windows Desktop Search\dbres.dll
d:\program files\Windows Desktop Search\wordwheel.dll
d:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
d:\program files\Windows Desktop Search\msnlExtRes.dll
d:\windows\system32\msi.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\btncopy.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
d:\program files\Ahead\InCD\InCDsrv.exe
d:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
d:\program files\Alwil Software\Avast5\AvastSvc.exe
d:\windows\System32\SCardSvr.exe
d:\windows\system32\agrsmsvc.exe
d:\windows\system32\ASTSRV.EXE
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Fichiers communs\DeviceHelper\DeviceManager.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
d:\windows\system32\SearchIndexer.exe
d:\windows\system32\wbem\wmiapsrv.exe
d:\windows\system32\wscntfy.exe
d:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
d:\windows\system32\SearchProtocolHost.exe
d:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Heure de fin: 2010-12-18 12:54:20 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-12-18 12:54

Avant-CF: 18 377 150 464 octets libres
Après-CF: 18 848 874 496 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - 1F0009FB8F5B5D1E62572C922C23AFDD


Thank you

Edited by boopme, 18 December 2010 - 11:05 AM.




#2 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:09:10 AM

Posted 28 December 2010 - 05:53 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#3 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:10 AM

Posted 03 January 2011 - 08:51 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



