Firefox a Thunderbird - nie je mozne spustit Vyřešeno

[memphisto]

Zkus použít AVG Remover

[Reklama]

[farba11]

Dobry den,

podarilo sa mi odinstalovat AVG a vkladam log z ComboFix:

ComboFix 10-12-28.03 - italmarket 29.12.2010 17:46:54.1.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.511.160 [GMT 1:00]
Running from: e:\dokumenty\Stažené soubory\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleansweep.exe
c:\cleansweep.exe\config.bin
c:\documents and settings\italmarket\Application Data\Desktopicon
c:\documents and settings\italmarket\Application Data\Desktopicon\eBayShortcuts.exe
c:\documents and settings\italmarket\Desktop\[TorrentReactor.to] - Hardcore Partying 13 XXX [DVDRIP][Orgy-Amateur][www.newpct.com].torrent
c:\windows\jestertb.dll
C:\windowseep.exe
c:\windowseep.exe\config.bin
E:\resycled

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_msqpdxserv.sys
-------\Service_msqpdxserv.sys


((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-29 )))))))))))))))))))))))))))))))
.

2010-12-17 09:10 . 2010-12-17 09:10 -------- d-----w- C:\Novell
2010-12-17 08:58 . 1997-01-21 16:28 280064 ----a-w- c:\windows\system32\CSTA32.DLL
2010-12-17 08:58 . 2010-12-17 09:12 -------- d-----w- c:\windows\FORMS
2010-12-17 08:56 . 2001-10-31 18:16 49152 ----a-w- c:\temp\CLIENT\WIN32\ADDONS\GWMAILTO\InstSV.Dll
2010-12-17 08:47 . 2010-12-17 08:55 56540374 ----a-w- c:\temp\CLIENT_GW.exe
2010-12-15 05:15 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 05:13 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-09 16:20 . 2010-12-09 16:23 -------- d-----w- c:\program files\Pocty
2010-12-07 05:11 . 2010-12-07 05:11 1409 ----a-w- c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2007-01-26 20:26 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-05 05:05 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 05:05 . 2006-02-28 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-11-05 05:05 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-11-03 12:59 . 2006-02-28 12:00 369664 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-02-28 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2006-02-28 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2006-02-28 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"pdfFactory Dispatcher v1"="c:\windows\System32\spool\DRIVERS\W32X86\2\fppdis1.exe" [2002-04-05 360448]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"LFService"="c:\program files\Lock Folder XP\LFService.exe" [2009-07-23 40960]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\italmarket\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-8-6 385024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NetScreen-Remote.lnk - c:\program files\Juniper\NetScreen-Remote\SafeCfg.exe [2007-1-30 69684]
Report‚r KONICA MINOLTA PagePro 1350E.lnk - c:\windows\system32\KONICA MINOLTA\Printer tools_NT\SP701.EXE [2007-6-5 3035136]
Spr vce upozornŘnˇ aplikace GroupWise.lnk - c:\novell\GroupWise\Notify.exe [2010-12-17 180281]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Temp\\DC++\\StrongDC.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Juniper\\NetScreen-Remote\\IreIKE.exe"=
"c:\program files\Juniper\NetScreen-Remote\ViewLog.exe"= c:\program files\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"c:\program files\Juniper\NetScreen-Remote\CmonApp.exe"= c:\program files\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"c:\program files\Juniper\NetScreen-Remote\vpn.exe"= c:\program files\Juniper\NetScreen-Remote\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.8.2007 12:28 664064]
R1 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [30.1.2007 9:53 129592]
R1 LFSys;LFSys;c:\windows\system32\drivers\lf30xp.sys [13.7.2009 10:08 68608]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [28.3.2010 21:31 51072]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [30.1.2007 9:53 521786]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [30.1.2007 9:52 36188]
S2 gupdate1ca99b2a1ca39f6;Služba Google Update (gupdate1ca99b2a1ca39f6);c:\program files\Google\Update\GoogleUpdate.exe [20.1.2010 10:26 133104]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [21.10.2007 14:25 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [21.10.2007 14:25 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [21.10.2007 14:25 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [21.10.2007 14:25 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [21.10.2007 14:25 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [21.10.2007 14:25 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [21.10.2007 14:25 90800]
.
Contents of the 'Scheduled Tasks' folder

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-20 09:25]

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-20 09:25]

2010-12-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-573735546-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-12-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-573735546-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Supplementary Scan -------
.
IE: Download All Files by HiDownload - c:\program files\HiDownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\HiDownload\HDGet.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {7B5E6C3C-79B8-43B4-8A3E-2AC4B95B4B3B} = 217.73.17.2,217.73.16.2
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\italmarket\Application Data\Mozilla\Firefox\Profiles\tbbh0q41.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=39&tp=ab&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: 602XML Filler: xmlfiller@software602.cz - c:\program files\Mozilla Firefox\extensions\xmlfiller@software602.cz
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: QuickStores-Toolbar: quickstores@quickstores.de - c:\program files\Mozilla Firefox\extensions\quickstores@quickstores.de
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: 602XML Filler: xmlfiller@software602.cz - %profile%\extensions\xmlfiller@software602.cz
FF - Ext: Gmail Button: gmailbutton@mozdeveloper.com - %profile%\extensions\gmailbutton@mozdeveloper.com
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-pdfSaver3 - (no file)
HKLM-Run-AASecuUFD - (no file)
HKU-Default-Run-windowseep.exe - c:\windowseep.exe\windowseep.exe
Notify-avgrsstarter - avgrsstx.dll
AddRemove-Convert PDF To Image_is1 - c:\program files\Softinterface



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-29 17:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\ *¨+***a
*Đ*đ*P_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@=expand:"\"%ProgramFiles%\\Windows NT\\Accessories\\WORDPAD.EXE\" \"%1\""

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Juniper\NetScreen-Remote\IPSecMon.exe
c:\program files\Juniper\NetScreen-Remote\IreIKE.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Skype\Phone\Skype.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\SkypePM.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
c:\totalcmd\TOTALCMD.EXE
.
**************************************************************************
.
Completion time: 2010-12-29 18:01:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-29 17:01

Pre-Run: 9 922 109 440 bytes free
Post-Run: 11 677 847 552 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 608959608BAFB7C58212A823DB5D118B

[memphisto]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials


+HJT

Jak se chová PC?

[farba11]

Dobry den,

PC sa chova super. Velmi pekne Vam dakujem za pomoc a prajem Vam vela zdravia, stastia a spokojnosti v roku 2011.

S pozdravom

Martin Farba