Firefox opening page redirect


#1
bebert

Hi,

Firefox no longer opens the normal opening page but is redirected to a Chinese website (always the same one).
Malwarebytes and Kaspersky do not detect anything wrong.
I uninstalled and reinstalled Firefox several times, including in safe mode, but I still have the same problem.
IE is working fine.
This problem appeared after my friend downloaded a couple of free (Chinese) games (now uninstalled).
My OS is MS Vista, Chinese version.

OTL logfile created on: 2010/12/25 18:56:32 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\sony\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000804 | Country: 中华人民共和国 | Language: CHS | Date Format: yyyy/M/d

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 87.89 Gb Total Space | 20.52 Gb Free Space | 23.35% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 94.68 Gb Free Space | 96.96% Space Free | Partition Type: NTFS
Drive E: | 112.54 Gb Total Space | 112.45 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
Drive F: | 301.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SONY-PC | User Name: sony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/25 18:56:07 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\sony\Desktop\OTL.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010/10/05 20:26:46 | 000,129,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
PRC - [2010/09/22 13:19:36 | 000,273,672 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe
PRC - [2010/09/22 12:03:38 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/07/18 11:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
PRC - [2009/04/11 14:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/01 23:21:32 | 000,567,848 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/01/19 12:49:20 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/01/19 12:49:20 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe


========== Modules (SafeList) ==========

MOD - [2010/12/25 18:56:07 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\sony\Desktop\OTL.exe
MOD - [2010/08/31 23:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 09:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/03/01 23:21:32 | 000,567,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/02/11 04:02:20 | 000,282,624 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\System32\ykx32mpcoinst.dll -- (yksvc)
SRV - [2009/01/19 12:49:20 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/01/21 10:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Thunder Network\Thunder\Program\tcphoc.sys -- (tcphoc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/12/22 08:27:41 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/09/23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/08/12 19:35:34 | 000,227,968 | ---- | M] (TENCENT) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\TesSafe.sys -- (TesSafe)
DRV - [2010/08/12 17:40:20 | 000,015,952 | ---- | M] (TENCENT) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\TesDrvPt.sys -- (TesDrvPt)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/04/22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/11/02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/04/11 04:04:26 | 000,109,608 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2009/04/11 04:04:26 | 000,018,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2009/04/11 04:04:24 | 000,084,008 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2009/04/11 04:03:54 | 000,029,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/03/03 04:16:40 | 004,303,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/02/11 04:02:19 | 000,311,808 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/11/24 23:41:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/10/23 08:02:29 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/23 08:02:02 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/01/21 10:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 10:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 10:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 10:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 10:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 10:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 10:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 10:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 10:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 10:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 10:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 10:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 10:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 10:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 10:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 10:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 10:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 10:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 10:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 10:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 10:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 10:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 10:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 10:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 10:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 17:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 17:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 17:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 17:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 17:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 17:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 17:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 17:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 17:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 17:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 17:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 16:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 16:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 16:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 16:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 16:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 16:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 15:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.yjhy.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.556
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.556
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2010/08/24 13:16:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2010/08/24 13:16:25 | 000,000,000 | ---D | M]

[2010/12/25 17:27:34 | 000,000,000 | ---D | M] -- C:\Users\sony\AppData\Roaming\mozilla\Extensions
[2010/12/25 17:28:13 | 000,000,000 | ---D | M] -- C:\Users\sony\AppData\Roaming\mozilla\Firefox\Profiles\ccd5xd8s.default\extensions
[2010/12/25 17:28:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sony\AppData\Roaming\mozilla\Firefox\Profiles\ccd5xd8s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/25 17:28:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/22 20:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/22 21:05:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/23 08:35:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/12/23 08:35:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/03/12 15:16:32 | 000,070,984 | ---- | M] (Tencent Technology (Shenzhen) Company Limited) -- C:\Program Files\Mozilla Firefox\components\QQDownloadFFH.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: 图像发送到 Bluetooth 设备(&B)... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: 页面发送到 Bluetooth 设备(&B)... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\sony\Desktop\2010-10-13\274.JPG
O24 - Desktop BackupWallPaper: C:\Users\sony\Desktop\2010-10-13\274.JPG
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2000/07/17 23:31:33 | 000,000,564 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0a4196d2-ab30-11de-8591-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0a4196d2-ab30-11de-8591-806e6f6e6963}\Shell\adobe\command - "" = F:\GOODIES\AR405FRE.EXE -- [2000/07/17 23:59:14 | 005,982,872 | R--- | M] ()
O33 - MountPoints2\{0a4196d2-ab30-11de-8591-806e6f6e6963}\Shell\AutoRun\command - "" = F:\aocsetup.exe -- [2001/08/26 02:24:08 | 000,553,017 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{0a4196d2-ab30-11de-8591-806e6f6e6963}\Shell\log\command - "" = F:\goodies\machine\machine.exe -- [2000/05/25 10:20:02 | 000,253,952 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{0a4196d2-ab30-11de-8591-806e6f6e6963}\Shell\machine\command - "" = F:\GOODIES\MACHINE\MACHINE.EXE -- [2000/05/25 10:20:02 | 000,253,952 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{0a4196d2-ab30-11de-8591-806e6f6e6963}\Shell\setup\command - "" = F:\aocsetup.exe -- [2001/08/26 02:24:08 | 000,553,017 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{0a4196d2-ab30-11de-8591-806e6f6e6963}\Shell\zone\command - "" = F:\GOODIES\MSZONE\ZONEA660.EXE -- [2000/04/06 07:44:16 | 006,928,087 | R--- | M] ()
O33 - MountPoints2\{3758df86-1941-11df-b141-001dbaf66754}\Shell - "" = AutoRun
O33 - MountPoints2\{3758df86-1941-11df-b141-001dbaf66754}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7498be9a-ab31-11de-a82a-95cf61ba640e}\Shell\Auto\command - "" = H:\sxs2.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/25 18:56:02 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\sony\Desktop\OTL.exe
[2010/12/25 17:27:25 | 000,000,000 | ---D | C] -- C:\Users\sony\AppData\Roaming\Mozilla
[2010/12/24 20:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/24 03:37:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/12/23 19:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/12/23 19:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/12/22 21:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/12/22 21:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/12/22 08:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/12/22 08:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/12/22 08:27:41 | 000,488,536 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010/12/22 08:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/12/21 00:48:58 | 000,000,000 | ---D | C] -- C:\Users\sony\AppData\Roaming\GamesCafe

========== Files - Modified Within 30 Days ==========

[2010/12/25 18:57:02 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/25 18:57:02 | 000,323,960 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2010/12/25 18:57:02 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/25 18:57:02 | 000,103,902 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2010/12/25 18:56:07 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\sony\Desktop\OTL.exe
[2010/12/25 18:50:52 | 000,002,521 | ---- | M] () -- C:\Users\sony\Desktop\HiJackThis.lnk
[2010/12/25 18:48:38 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/25 18:48:38 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/25 18:48:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/25 18:48:27 | 3186,651,136 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/25 18:43:58 | 000,035,328 | ---- | M] () -- C:\Users\sony\Desktop\Logfile of Trend Micro HijackThis v2.doc
[2010/12/25 17:27:26 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/12/25 17:25:49 | 000,032,017 | ---- | M] () -- C:\Users\sony\Desktop\bookmarks-2010-12-25.json
[2010/12/25 17:14:08 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/12/24 17:40:21 | 311,503,105 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/23 19:44:23 | 000,000,812 | ---- | M] () -- C:\Users\sony\Desktop\SpywareBlaster.lnk
[2010/12/22 09:31:46 | 000,114,243 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010/12/22 09:31:46 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010/12/22 08:27:41 | 000,488,536 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010/12/21 00:48:58 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2010/12/21 00:33:04 | 000,001,782 | R--- | M] () -- C:\Users\sony\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/21 00:33:04 | 000,001,782 | R--- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/12/15 23:10:42 | 000,339,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/13 23:10:18 | 000,126,137 | ---- | M] () -- C:\Users\sony\Desktop\Liste Veme.pdf
[2010/12/11 18:16:21 | 000,020,992 | ---- | M] () -- C:\Users\sony\Desktop\My sweet love.doc
[2010/12/11 14:16:00 | 000,019,968 | ---- | M] () -- C:\Users\sony\Desktop\你知道爱的不幸.doc
[2010/12/09 23:37:40 | 000,040,027 | ---- | M] () -- C:\Users\sony\Desktop\satiric dancer.jpg
[2010/12/08 21:26:57 | 000,020,480 | ---- | M] () -- C:\Users\sony\Desktop\爱的 对不起.doc
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/12/25 18:48:27 | 3186,651,136 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/25 18:43:58 | 000,035,328 | ---- | C] () -- C:\Users\sony\Desktop\Logfile of Trend Micro HijackThis v2.doc
[2010/12/25 17:27:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/25 17:25:49 | 000,032,017 | ---- | C] () -- C:\Users\sony\Desktop\bookmarks-2010-12-25.json
[2010/12/24 20:59:52 | 000,002,521 | ---- | C] () -- C:\Users\sony\Desktop\HiJackThis.lnk
[2010/12/24 03:37:06 | 311,503,105 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/12/23 19:44:23 | 000,000,812 | ---- | C] () -- C:\Users\sony\Desktop\SpywareBlaster.lnk
[2010/12/22 08:29:26 | 000,114,243 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010/12/22 08:29:25 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/12/21 00:48:58 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/12/21 00:33:02 | 000,000,374 | ---- | C] () -- C:\Users\sony\Application Data\Microsoft\Internet Explorer\Quick Launch\启动 IE 浏览器.lnk
[2010/12/20 21:00:29 | 000,017,542 | ---- | C] () -- C:\Windows\System32\Sshop.ico
[2010/12/20 21:00:29 | 000,017,542 | ---- | C] () -- C:\Windows\System32\Ggame.ico
[2010/12/13 23:10:18 | 000,126,137 | ---- | C] () -- C:\Users\sony\Desktop\Liste Veme.pdf
[2010/12/11 14:15:59 | 000,019,968 | ---- | C] () -- C:\Users\sony\Desktop\你知道爱的不幸.doc
[2010/12/11 12:29:53 | 000,020,992 | ---- | C] () -- C:\Users\sony\Desktop\My sweet love.doc
[2010/12/08 21:26:57 | 000,020,480 | ---- | C] () -- C:\Users\sony\Desktop\爱的 对不起.doc
[2010/05/08 13:31:39 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll
[2010/03/14 21:04:52 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/03/14 21:04:52 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/03/14 19:00:39 | 000,000,766 | ---- | C] () -- C:\Windows\CoD.INI
[2009/10/20 08:35:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/27 16:39:48 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/27 15:43:30 | 000,000,000 | ---- | C] () -- C:\Program Files\EXIT8.TXT
[2009/09/27 15:00:58 | 000,028,160 | ---- | C] () -- C:\Users\sony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/27 14:51:52 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/09/27 14:51:52 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll
[2009/09/27 14:49:59 | 000,007,512 | ---- | C] () -- C:\Users\sony\AppData\Local\d3d9caps.dat
[2007/08/22 21:11:44 | 000,000,629 | ---- | C] () -- C:\Windows\System32\cid.dll
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1997/06/14 16:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2010/12/21 00:48:58 | 000,000,000 | ---D | M] -- C:\Users\sony\AppData\Roaming\GamesCafe
[2010/08/24 13:16:37 | 000,000,000 | ---D | M] -- C:\Users\sony\AppData\Roaming\Netscape
[2010/08/12 17:31:35 | 000,000,000 | ---D | M] -- C:\Users\sony\AppData\Roaming\Opera
[2010/08/25 00:03:22 | 000,000,000 | ---D | M] -- C:\Users\sony\AppData\Roaming\QQMusicUpdate
[2010/08/27 12:55:28 | 000,000,000 | ---D | M] -- C:\Users\sony\AppData\Roaming\Sina
[2010/08/25 00:03:26 | 000,000,000 | ---D | M] -- C:\Users\sony\AppData\Roaming\Tencent
[2010/12/25 17:14:09 | 000,032,694 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/09/28 23:45:57 | 000,000,000 | ---D | M](C:\Users\sony\Documents\Mes fichiers re?us) -- C:\Users\sony\Documents\Mes fichiers reçus
[2010/04/21 23:26:03 | 000,000,000 | ---D | C](C:\Users\sony\Documents\Mes fichiers re?us) -- C:\Users\sony\Documents\Mes fichiers reçus

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >





Thanks in advance for your help!

Bebert

Edited by bebert, 28 December 2010 - 09:12 AM.
