BleepingComputer.com: unwanted pages on firefox

Hi,
for the last few weeks I have been having all sorts of unwanted pages on my firefox browser, as I work on websites building I use also opera, IE, safari etc. but the problem is only on firefox. I unfortunetaly went a few time on megaupload and it seems that it all began there... The pages are advertisements, usually pretty ugly and even sometimes with sounds. I tried a reinstallation of firefox without success. I use G data and superantispyware, I also ran malwarebytes, and I can't get rid of those pages. Could anyone help me?

This post has been edited by Orange Blossom: 14 July 2011 - 01:39 PM
Reason for edit: Moved to AII from Windows 7. ~ OB

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:

• Report IE Proxy Settings
  
• Report FF Proxy Settings
  
• List content of Hosts
  
• List IP configuration
  
• List last 10 Event Viewer log
  
• List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:

• Main Mirror
  This version will download a randomly named file (Recommended)
  
• Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

• Disconnect from the Internet and close all running programs.
  
• Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  
• Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  
• Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  
  
  
  
• GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  
• If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  
• Now click the Scan button. If you see a rootkit warning window, click OK.
  
• When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  
• Click the Copy button and paste the results into your next reply.
  
• Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

hello, again thanks for your help (and sorry for this late reply) here are the results of the four scans :

jii Results of screen317's Security Check version 0.99.7
Windows 7 Service Pack 1 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
ESET Online Scanner v3
G Data AntiVirus 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 16
Java™ 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Adobe Reader X (10.1.0) - Français
Mozilla Firefox (x86 fr..) Firefox Out of Date!
Mozilla Thunderbird (3.1.11) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
G Data AntiVirus AVK AVKWCtl.exe
G Data AntiVirus AVK AVKService.exe
G Data AntiVirus AVKTray AVKTray.exe
``````````End of Log````````````


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Version de la base de données: 7248

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

23/07/2011 12:15:12
mbam-log-2011-07-23 (12-15-12).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 197860
Temps écoulé: 8 minute(s), 48 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

--just noticed it was in french, I hope it's not a problem, anyway it says nothing was found...--

MiniToolBox by Farbar
Ran by andre (administrator) on 23-07-2011 at 10:53:10
Windows 7 Ultimate Service Pack 1 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 0
========================= Hosts content: =================================

# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 localhost127.0.0.1 localhost127.0.0.1 localhost127.0.0.1 localhost
========================= IP Configuration: ================================

# ----------------------------------
# Configuration du protocole IPv4
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# Fin de la configuration du protocole IPv4



Configuration IP de Windows

Nom de l'h“te . . . . . . . . . . : noumerouno
Suffixe DNS principal . . . . . . :
Type de noeud. . . . . . . . . . : Hybride
Routage IP activ‚ . . . . . . . . : Non
Proxy WINS activ‚ . . . . . . . . : Non
Liste de recherche du suffixe DNS.: home

Carte Ethernet Connexion au r‚seau local :

Suffixe DNS propre … la connexion. . . : home
Description. . . . . . . . . . . . . . : Connexion r‚seau Intel® PRO/100
Adresse physique . . . . . . . . . . . : 00-13-72-D8-D7-A5
DHCP activ‚. . . . . . . . . . . . . . : Oui
Configuration automatique activ‚e. . . : Oui
Adresse IPv6 de liaison locale. . . . .: fe80::8cc5:ef9f:275d:61ea%10(pr‚f‚r‚)
Adresse IPv4. . . . . . . . . . . . . .: 192.168.1.10(pr‚f‚r‚)
Masque de sous-r‚seau. . . .ÿ. . . . . : 255.255.255.0
Bail obtenu. . . . . . . . .ÿ. . . . . : vendredi 22 juillet 2011 10:53:09
Bail expirant. . . . . . . . .ÿ. . . . : vendredi 29 juillet 2011 10:53:09
Passerelle par d‚faut. . . .ÿ. . . . . : 192.168.1.1
Serveur DHCP . . . . . . . . . . . . . : 192.168.1.1
IAID DHCPv6 . . . . . . . . . . . : 234886002
DUID de client DHCPv6. . . . . . . . : 00-01-00-01-15-35-0C-5D-00-13-72-D8-D7-A5
Serveurs DNS. . . . . . . . . . . . . : 192.168.1.1
NetBIOS sur Tcpip. . . . . . . . . . . : Activ‚

Carte Tunnel isatap.home :

Statut du m‚dia. . . . . . . . . . . . : M‚dia d‚connect‚
Suffixe DNS propre … la connexion. . . : home
Description. . . . . . . . . . . . . . : Carte Microsoft ISATAP
Adresse physique . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP activ‚. . . . . . . . . . . . . . : Non
Configuration automatique activ‚e. . . : Oui

Carte Tunnel Connexion au r‚seau local* 6 :

Suffixe DNS propre … la connexion. . . :
Description. . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Adresse physique . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP activ‚. . . . . . . . . . . . . . : Non
Configuration automatique activ‚e. . . : Oui
Adresse IPv6. . . . . . . . . . .ÿ. . .: 2001:0:5ef5:79fd:2c1f:12aa:a5fb:7597(pr‚f‚r‚)
Adresse IPv6 de liaison locale. . . . .: fe80::2c1f:12aa:a5fb:7597%12(pr‚f‚r‚)
Passerelle par d‚faut. . . .ÿ. . . . . : ::
NetBIOS sur TCPIP. . . . . . . . . . . : D‚sactiv‚
Serveur : HSIB.home
Address: 192.168.1.1

Nom : google.com
Addresses: 209.85.148.105
209.85.148.103
209.85.148.99
209.85.148.104
209.85.148.147
209.85.148.106


Envoi d'une requˆte 'ping' sur google.com [209.85.148.105] avec 32 octets de donn‚esÿ:
R‚ponse de 209.85.148.105ÿ: octets=32 temps=57 ms TTL=53
R‚ponse de 209.85.148.105ÿ: octets=32 temps=57 ms TTL=53

Statistiques Ping pour 209.85.148.105:
Paquetsÿ: envoy‚s = 2, re‡us = 2, perdus = 0 (perte 0%),
Dur‚e approximative des boucles en millisecondes :
Minimum = 57ms, Maximum = 57ms, Moyenne = 57ms
Serveur : HSIB.home
Address: 192.168.1.1

Nom : yahoo.com
Addresses: 67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56
209.191.122.70


Envoi d'une requˆte 'ping' sur yahoo.com [67.195.160.76] avec 32 octets de donn‚esÿ:
R‚ponse de 67.195.160.76ÿ: octets=32 temps=140 ms TTL=50
R‚ponse de 67.195.160.76ÿ: octets=32 temps=136 ms TTL=50

Statistiques Ping pour 67.195.160.76:
Paquetsÿ: envoy‚s = 2, re‡us = 2, perdus = 0 (perte 0%),
Dur‚e approximative des boucles en millisecondes :
Minimum = 136ms, Maximum = 140ms, Moyenne = 138ms

Envoi d'une requˆte 'Ping' 127.0.0.1 avec 32 octets de donn‚esÿ:
R‚ponse de 127.0.0.1ÿ: octets=32 temps=7 ms TTL=128
R‚ponse de 127.0.0.1ÿ: octets=32 temps=2 ms TTL=128

Statistiques Ping pour 127.0.0.1:
Paquetsÿ: envoy‚s = 2, re‡us = 2, perdus = 0 (perte 0%),
Dur‚e approximative des boucles en millisecondes :
Minimum = 2ms, Maximum = 7ms, Moyenne = 4ms
===========================================================================
Liste d'Interfaces
10...00 13 72 d8 d7 a5 ......Connexion r‚seau Intel® PRO/100
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Carte Microsoft ISATAP
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Table de routage
===========================================================================
Itin‚raires actifsÿ:
Destination r‚seau Masque r‚seau Adr. passerelle Adr. interface M‚trique
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.10 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.10 276
192.168.1.10 255.255.255.255 On-link 192.168.1.10 276
192.168.1.255 255.255.255.255 On-link 192.168.1.10 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.10 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.10 276
===========================================================================
Itin‚raires persistantsÿ:
Aucun

IPv6 Table de routage
===========================================================================
Itin‚raires actifsÿ:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:5ef5:79fd:2c1f:12aa:a5fb:7597/128
On-link
10 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::2c1f:12aa:a5fb:7597/128
On-link
10 276 fe80::8cc5:ef9f:275d:61ea/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Itin‚raires persistantsÿ:
Aucun

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/22/2011 06:49:30 PM) (Source: SideBySide) (User: )
Description: La création du contexte d’activation a échoué pour « Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 ».
Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (07/22/2011 06:49:28 PM) (Source: SideBySide) (User: )
Description: La création du contexte d’activation a échoué pour « Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 ».
Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (07/22/2011 06:43:17 PM) (Source: SideBySide) (User: )
Description: La création du contexte d’activation a échoué pour « Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 ».
Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (07/22/2011 10:54:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2011 09:21:08 AM) (Source: Application Hang) (User: )
Description: Le programme emule.exe version 0.50.0.4 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID de processus : 1160

Heure de début : 01cc472833ba2d7e

Heure de fin : 33

Chemin d’accès de l’application : G:\eMule\emule.exe

ID de rapport : e680b9fd-b369-11e0-b172-001372d8d7a5

Error: (07/19/2011 06:54:13 PM) (Source: Application Hang) (User: )
Description: Le programme filezilla.exe version 3.5.0.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID de processus : a60

Heure de début : 01cc45a033924d69

Heure de fin : 287

Chemin d’accès de l’application : C:\Program Files\FileZilla FTP Client\filezilla.exe

ID de rapport : b59f2766-b227-11e0-b172-001372d8d7a5

Error: (07/19/2011 01:29:35 AM) (Source: Windows Search Service) (User: )
Description: Le service de recherche Windows a été arrêté à cause d’un problème avec l’indexeur : The catalog is corrupt.

Contexte : Application Windows, Catalogue SystemIndex

Détails :
Le catalogue d’index des contenus est endommagé. 0xc0041801 (0xc0041801)

Error: (07/19/2011 01:29:35 AM) (Source: Windows Search Service) (User: )
Description: Le service de recherche a détecté des fichiers de données endommagés dans l’index {id=3910}. Le service tentera de corriger automatiquement ce problème en recréant l’index.

Contexte : Application Windows, Catalogue SystemIndex

Détails :
Le catalogue d’index des contenus est endommagé. 0xc0041801 (0xc0041801)

Error: (07/18/2011 11:13:34 PM) (Source: Application Hang) (User: )
Description: Le programme Explorer.EXE version 6.1.7601.17567 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID de processus : e8c

Heure de début : 01cc4572608339c0

Heure de fin : 0

Chemin d’accès de l’application : C:\Windows\Explorer.EXE

ID de rapport : bae80144-b182-11e0-b172-001372d8d7a5

Error: (07/18/2011 08:06:44 PM) (Source: Application Hang) (User: )
Description: Le programme firefox.exe version 5.0.0.4183 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID de processus : fb8

Heure de début : 01cc45754ac29fa6

Heure de fin : 78

Chemin d’accès de l’application : C:\Program Files\Mozilla Firefox\firefox.exe

ID de rapport : 9fdb7bea-b168-11e0-b172-001372d8d7a5


System errors:
=============
Error: (07/23/2011 00:17:51 AM) (Source: Disk) (User: )
Description: Le périphérique \Device\Harddisk6\DR6 comporte un bloc défectueux.

Error: (07/23/2011 00:17:48 AM) (Source: Disk) (User: )
Description: Le périphérique \Device\Harddisk6\DR6 comporte un bloc défectueux.

Error: (07/23/2011 00:17:46 AM) (Source: Disk) (User: )
Description: Le périphérique \Device\Harddisk6\DR6 comporte un bloc défectueux.

Error: (07/23/2011 00:17:43 AM) (Source: Disk) (User: )
Description: Le périphérique \Device\Harddisk6\DR6 comporte un bloc défectueux.

Error: (07/23/2011 00:17:40 AM) (Source: Disk) (User: )
Description: Le périphérique \Device\Harddisk6\DR6 comporte un bloc défectueux.

Error: (07/23/2011 00:17:38 AM) (Source: Disk) (User: )
Description: Le périphérique \Device\Harddisk6\DR6 comporte un bloc défectueux.

Error: (07/23/2011 00:17:35 AM) (Source: Disk) (User: )
Description: Le périphérique \Device\Harddisk6\DR6 comporte un bloc défectueux.

Error: (07/23/2011 00:17:33 AM) (Source: Disk) (User: )
Description: Le périphérique \Device\Harddisk6\DR6 comporte un bloc défectueux.

Error: (07/23/2011 00:17:30 AM) (Source: Disk) (User: )
Description: Le périphérique \Device\Harddisk6\DR6 comporte un bloc défectueux.

Error: (07/23/2011 00:17:28 AM) (Source: Disk) (User: )
Description: Le périphérique \Device\Harddisk6\DR6 comporte un bloc défectueux.


Microsoft Office Sessions:
=========================
Error: (07/22/2011 06:49:30 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\OrangeBS\BEWPro\installation\Core\setupApiWrapper64.exe

Error: (07/22/2011 06:49:28 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\OrangeBS\BEWPro\installation\Core\InstallDevice64.exe

Error: (07/22/2011 06:43:17 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\carddetector\ICON505\setupApiWrapper64.exe

Error: (07/22/2011 10:54:05 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2011 09:21:08 AM) (Source: Application Hang)(User: )
Description: emule.exe0.50.0.4116001cc472833ba2d7e33G:\eMule\emule.exee680b9fd-b369-11e0-b172-001372d8d7a5

Error: (07/19/2011 06:54:13 PM) (Source: Application Hang)(User: )
Description: filezilla.exe3.5.0.0a6001cc45a033924d69287C:\Program Files\FileZilla FTP Client\filezilla.exeb59f2766-b227-11e0-b172-001372d8d7a5

Error: (07/19/2011 01:29:35 AM) (Source: Windows Search Service)(User: )
Description: Contexte : Application Windows, Catalogue SystemIndex

Détails :
Le catalogue d’index des contenus est endommagé. 0xc0041801 (0xc0041801)
The catalog is corrupt

Error: (07/19/2011 01:29:35 AM) (Source: Windows Search Service)(User: )
Description: Contexte : Application Windows, Catalogue SystemIndex

Détails :
Le catalogue d’index des contenus est endommagé. 0xc0041801 (0xc0041801)
3910

Error: (07/18/2011 11:13:34 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.17567e8c01cc4572608339c00C:\Windows\Explorer.EXEbae80144-b182-11e0-b172-001372d8d7a5

Error: (07/18/2011 08:06:44 PM) (Source: Application Hang)(User: )
Description: firefox.exe5.0.0.4183fb801cc45754ac29fa678C:\Program Files\Mozilla Firefox\firefox.exe9fdb7bea-b168-11e0-b172-001372d8d7a5


========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 2046.15 MB
Available physical RAM: 1072.44 MB
Total Pagefile: 4092.3 MB
Available Pagefile: 1847.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.73 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:160 GB) (Free:76.04 GB) NTFS
5 Drive f: © (Fixed) (Total:72.82 GB) (Free:52.54 GB) NTFS
6 Drive o: (STORE N GO) (Removable) (Total:7.44 GB) (Free:3.87 GB) FAT32

========================= Users: ========================================

comptes d'utilisateurs de \\NOUMEROUNO

Administrateur andre andr‚
‚lise Invit‚
La commande s'est termin‚e correctement.


== End of log ==


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-28 19:27:59
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD2500JS-75NCB2 rev.10.02E03
Running: sty6y41i.exe; Driver: C:\Users\andre\AppData\Local\Temp\uftcipoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 8348E339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834C7D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4376] ntdll.dll!LdrLoadDll 76ED22B8 5 Bytes JMP 009412F7 C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Thunderbird/Mozilla Messaging)
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[5416] kernel32.dll!SetUnhandledExceptionFilter 7571F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73D82437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73D65600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73D656BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73D824B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73D78514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73D74CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73D7506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73D75144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73D76671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73D7826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73D787BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73D7901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73D7E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73D74BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3972] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74F4FFF6] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3972] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74F4FFF6] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3972] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74F4FFF6] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3972] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74F4FFF6] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (Pilote du système de fichiers NT/Microsoft Corporation)

AttachedDevice tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device volmgr.sys (Volume Manager Driver/Microsoft Corporation)

AttachedDevice fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)

Device cdfs.sys (CD-ROM File System Driver/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\ProgramData\G DATA\AVK\Log\AVKLog\0000001988.log 986 bytes

---- EOF - GMER 1.0.15 ----

Re-run MiniToolbox.

Checkmark following boxes:

• Flush DNS
  
• Reset FF Proxy Settings

Click Go and post the result.

Restart computer.

Re-run MiniToolbox again.

Checkmark following boxes:

• Report FF Proxy Settings

Click Go and post the result.

Then...

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

• Ensure all Firefox windows are closed.
  
• To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  
• When prompted to run the scan, click Yes.
  
• GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Hello,
Here are the results of the three scans you told me to perform..


MiniToolBox by Farbar
Ran by andre (administrator) on 05-08-2011 at 09:58:48
Windows 7 Ultimate Service Pack 1 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Configuration IP de Windows

Cache de r‚solution DNS vid‚.

"Reset FF Proxy Settings": Firefox Proxy settings were reset.


== End of log ==
MiniToolBox by Farbar
Ran by andre (administrator) on 05-08-2011 at 10:13:30
Windows 7 Ultimate Service Pack 1 (X86)

***************************************************************************

========================= FF Proxy Settings: ==============================


== End of log ==

GooredFix by jpshortstuff (03.07.10.1)
Log created at 10:19 on 05/08/2011 (andre)
Firefox version 5.0 (fr)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [13:02 24/06/2011]
{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [14:21 15/05/2011]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [12:40 11/06/2011]
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [20:02 12/04/2011]

C:\Users\andre\Application Data\Mozilla\Firefox\Profiles\vow9uazh.default\extensions\
{1018e4d6-728f-4b20-ad56-37578a4de76b} [20:56 16/07/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{fa46cb24-1d5b-4048-911a-2857a0944395}"="C:\Program Files\FVD Suite\addons\Firefox" [20:26 26/05/2011]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [09:36 26/06/2011]

-=E.O.F=-

How are the issues?

Hi,
I still get unwanted advertising sites poping up... One thing I don't understand : I use Gdata antivirus program and when I run the scan it shows a bunch of register keys with "permission denied", is it possible to have a scan working on most of the register? With other program I have used I could run the scan on, I can't remember how you call it in english, the primary 'state' of Windows, but with Gdata it's not working somehow....
again, thanks for your time!
andré

If you're using Firefox 3.x, close Firefox. Go Start>All Programs>Mozilla Firefox, click on Mozilla Firefox (safe mode).
If you're using Firefox 4, or 5 go Help>Restart Firefox with Add-ons Disabled.
Same issue?

Hi,
so far the issue stopped
andré

Must be some of your addons...

Let's see, if we can find out which one.

Download FoxScan from HERE

Double click on FoxScan.exe to start the scan.
DOS-like window will pop-up.
Press 2 for English. Press Enter.
Be patient. It'll take few minutes.
When the tool is done, it'll display:

Search completed.
Press any key to coninue...

Press any key.
Notepad window titled Rapport-FS.txt will open.
Save the file to known location, and attach it to your next reply.

hello, here is the scan result, I wish you (us) good luck and a very good day.
FoxScan Version 1.1.1
By Loup blanc - Zebulon.fr
Scan started 08/08/2011 at 9:36

Microsoft Windows 7 Ultimate Service Pack 1 [version 6.1.7601]

Mozilla Firefox version : 5.0 (fr)
Installation folder : C:\Program Files\Mozilla Firefox


=================================================================================
---------- User account : andre [Current session]
=================================================================================


Profile name : default
Profile folder : C:\Users\andre\AppData\Roaming\mozilla\firefox\Profiles\vow9uazh.default\


//////////// Setting \\\\\\\\\\\\\
======= Profile name : default =======

Firefox update : Activated
Add-on update : Activated
Search engines update : Activated
Java : Activated
Javascript : Activated
Proxy : No Proxy




//////////// Add-on \\\\\\\\\\\\\

======= Profile name : default =======

Installation notification for Add-on is enabled




//////////// Search plugins \\\\\\\\\\\\\

======= Profile name : default =======

Search in "prefs.js" :

browser.search.defaultenginename :
browser.search.defaulturl :
browser.search.selectedEngine :
keyword.URL :
keyword.enable :


--------- Search engines found ------------
+ Search form configured for the engine





=================================================================================
---------- User account : andr‚
=================================================================================


Profile name : default
Profile folder : C:\Users\andr‚\AppData\Roaming\mozilla\firefox\Profiles\z0ccf60p.default\


//////////// Setting \\\\\\\\\\\\\
======= Profile name : default =======

Firefox update : Activated
Add-on update : Activated
Search engines update : Activated
Java : Activated
Javascript : Activated
Proxy : No Proxy




//////////// Add-on \\\\\\\\\\\\\

======= Profile name : default =======

Installation notification for Add-on is enabled




//////////// Search plugins \\\\\\\\\\\\\

======= Profile name : default =======

Search in "prefs.js" :

browser.search.defaultenginename :
browser.search.defaulturl :
browser.search.selectedEngine : "Google Custom Search"
keyword.URL :
keyword.enable :


--------- Search engines found ------------
+ Search form configured for the engine





=================================================================================
---------- User account : ‚lise
=================================================================================


Profile name : default
Profile folder : C:\Users\‚lise\AppData\Roaming\mozilla\firefox\Profiles\33wak1ea.default\


//////////// Setting \\\\\\\\\\\\\
======= Profile name : default =======

Firefox update : Activated
Add-on update : Activated
Search engines update : Activated
Java : Activated
Javascript : Activated
Proxy : No Proxy




//////////// Add-on \\\\\\\\\\\\\

======= Profile name : default =======

Installation notification for Add-on is enabled




//////////// Search plugins \\\\\\\\\\\\\

======= Profile name : default =======

Search in "prefs.js" :

browser.search.defaultenginename :
browser.search.defaulturl :
browser.search.selectedEngine : "Google Custom Search"
keyword.URL :
keyword.enable :


--------- Search engines found ------------
+ Search form configured for the engine





=================================================================================
---------- Common section
=================================================================================

//////////// DLL found in C:\Program Files\Mozilla Firefox\components \\\\\\\\\\\\\

browsercomps.dll


------------------------------------------------------

//////////// Search plugins \\\\\\\\\\\\\

--------- Search engines found ------------
+ Search form configured for the engine


C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
Template : http://www.amazon.fr/exec/obidos/external-search/


C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
Template : http://www.bing.com/search


C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
Template : http://www.cnrtl.fr/lexicographie/{searchTerms}


C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
Template : http://rover.ebay.com/rover/1/709-47295-17703-3/4


C:\Program Files\Mozilla Firefox\searchplugins\google.xml
Template : http://www.google.com/search


C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
Template : http://fr.wikipedia.org/wiki/Special:Recherche


C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
Template : http://fr.search.yahoo.com/search



------------------------------------------------------

//////////// Plugins set in registry \\\\\\\\\\\\\


[HKEY_LOCAL_MACHINE\software\mozillaplugins\@adobe.com/FlashPlayer]
"Description"="Adobe© Flash© Player 10.1 Plugin"
"Vendor"="Adobe Systems Incorporated"
"Path"="C:\Windows\system32\Macromed\Flash\NPSWF32.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@java.com/JavaPlugin]
"Description"="Oracle© Next Generation JavaT Plug-In"
"Vendor"="Oracle Corp."
"Path"="C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@ma-config.com/HardwareDetection]
"Description"="D‚tection mat‚riel Ma-Config.com"
"Vendor"="CybelSoft"
"Path"="C:\Program Files\ma-config.com\nphardwaredetection.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@microsoft.com/GENUINE]
"Path"="C:\Windows\system32\Wat\npWatWeb.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"="WLPG Install MIME type"
"Vendor"="Microsoft"
"Path"="C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"="WLPG Install MIME type"
"Vendor"="Microsoft"
"Path"="C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nppl3260;version=12.0.1.647]
"Description"="RealPlayer™ LiveConnect-Enabled Plug-In"
"Vendor"="RealNetworks"
"Path"="c:\program files\real\realplayer\Netscape6\nppl3260.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nprjplug;version=12.0.1.647]
"Description"="RealJukebox Netscape Plugin"
"Vendor"="RealNetworks"
"Path"="c:\program files\real\realplayer\Netscape6\nprjplug.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652]
"Description"="RealNetworks™ RealPlayer Chrome Background Extension Plug-In"
"Vendor"="RealNetworks"
"Path"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nprphtml5videoshim;version=12.0.1.652]
"Description"="RealPlayer™ HTML5VideoShim Plug-In"
"Vendor"="RealNetworks"
"Path"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nprpjplug;version=12.0.1.647]
"Description"="12.0.1.647"
"Vendor"="RealNetworks"
"Path"="c:\program files\real\realplayer\Netscape6\nprpjplug.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nsJSRealPlayerPlugin;version=]

[HKEY_LOCAL_MACHINE\software\mozillaplugins\Adobe Reader]
"Description"="Handles PDFs in-place in Firefox"
"Vendor"="Adobe Systems Incorporated. Copyright 1994-2010 All Rights Reserved"
"Path"="C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1]
"Description"="Yahoo! activeX Plug-in Bridge"
"Vendor"="Yahoo"
"Path"="C:\Program Files\Yahoo!\Common\npyaxmpb.dll"

[HKEY_CURRENT_USER\software\mozillaplugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]

[HKEY_CURRENT_USER\software\mozillaplugins\@tools.google.com/Google Update;version=3]
"Description"="Google Update"
"Vendor"="Google Inc."
"Path"="C:\Users\andre\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll"

[HKEY_CURRENT_USER\software\mozillaplugins\@tools.google.com/Google Update;version=9]
"Description"="Google Update"
"Vendor"="Google Inc."
"Path"="C:\Users\andre\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll"


------------------------------------------------------

//////////// Additional search... \\\\\\\\\\\\\

==== Additional extension ====

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext"



=========================== End of report ===========================

I don't see too many addons, so I suggest you simply uninstall/reinstall Firefox.
Let me know if it cures the issue.

This post has been edited by Broni: 27 August 2011 - 10:22 AM

Hello,

apparently the problem is solved, many thanks to you
andré

You're very welcome