Please check (Solved)



Post by biggeorge » 19 Jun 2012 13:21

I can't update Java because there is no 32-bit version there.

C:\WINDOWS\System32\Converter_sysquict.dat - I don't have this file.

https://www.virustotal.com/file/501a918 ... 340100362/

All processes killed
========== OTL ==========
Process explorer.exe killed successfully!
No active process named firefox.exe was found!
Service WinDefend stopped successfully!
Service WinDefend deleted successfully!
File %ProgramFiles%\Windows Defender\mpsvc.dll File not found not found.
Service iphlpsvc stopped successfully!
Service iphlpsvc deleted successfully!
File %SystemRoot%\System32\iphlpsvc.dll File not found not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File %SystemRoot%\System32\appmgmts.dll File not found not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
File File not found not found.
Service tdx stopped successfully!
Service tdx deleted successfully!
File system32\DRIVERS\tdx.sys File not found not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
File File not found not found.
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
File File not found not found.
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
File File not found not found.
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
File File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File File not found not found.
Service MRESP50a64 stopped successfully!
Service MRESP50a64 deleted successfully!
File C:\PROGRA~2\COMMON~1\Motive\MRESP50a64.SYS File not found not found.
Service MRENDIS5 stopped successfully!
Service MRENDIS5 deleted successfully!
File C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS File not found not found.
Service MREMPR5 stopped successfully!
Service MREMPR5 deleted successfully!
File C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS File not found not found.
Service MREMP50a64 stopped successfully!
Service MREMP50a64 deleted successfully!
File C:\PROGRA~2\COMMON~1\Motive\MREMP50a64.SYS File not found not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
File File not found not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
File File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File File not found not found.
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
File C:\WINDOWS\system32\drivers\EagleNT.sys File not found not found.
Error: No service named azwf7eo8 was found to stop!
Service\Driver key azwf7eo8 not found.
File File not found not found.
Error: No service named ALCXWDM) Service for Realtek AC97 Audio (WDM was found to stop!
Service\Driver key ALCXWDM) Service for Realtek AC97 Audio (WDM not found.
File system32\drivers\ALCXWDM.SYS File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{55FAF0F2-44D4-425f-B5F5-6B275B621EAB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55FAF0F2-44D4-425f-B5F5-6B275B621EAB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5F4764C9-A953-44D8-BA81-4C334ADB8090}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F4764C9-A953-44D8-BA81-4C334ADB8090}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6CD9BBE3-DD01-49C6-BE7D-9AC27CA79035}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CD9BBE3-DD01-49C6-BE7D-9AC27CA79035}\ not found.
Prefs.js: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1 removed from extensions.enabledItems
Prefs.js: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 removed from extensions.enabledItems
Prefs.js: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 removed from extensions.enabledItems
Prefs.js: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
C:\Documents and Settings\Jura\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.
C:\Documents and Settings\Jura\Data aplikací\Mozilla\Extensions folder moved successfully.
Folder C:\Documents and Settings\Jura\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\ not found.
C:\Documents and Settings\Jura\Data aplikací\Mozilla\Firefox\Profiles\uu5b7sxw.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Documents and Settings\Jura\Data aplikací\Mozilla\Firefox\Profiles\uu5b7sxw.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Plugins folder moved successfully.
C:\Documents and Settings\Jura\Data aplikací\Mozilla\Firefox\Profiles\uu5b7sxw.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Documents and Settings\Jura\Data aplikací\Mozilla\Firefox\Profiles\uu5b7sxw.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Documents and Settings\Jura\Data aplikací\Mozilla\Firefox\Profiles\uu5b7sxw.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Documents and Settings\Jura\Data aplikací\Mozilla\Firefox\Profiles\uu5b7sxw.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Documents and Settings\Jura\Data aplikací\Mozilla\Firefox\Profiles\uu5b7sxw.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Documents and Settings\Jura\Data aplikací\Mozilla\Firefox\Profiles\uu5b7sxw.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
127.0.0.1 localhost removed from HOSTS file successfully
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:05EE1EEF deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:430C6D84 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:3201AC76 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:B606BA34 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\002763_.tmp moved successfully.
C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP folder moved successfully.
C:\WINDOWS\65F1CF6331E0450B96F34A88BE7361A6.TMP folder moved successfully.
C:\WINDOWS\6833245EDD86479A882A8360D62C8194.TMP folder moved successfully.
C:\WINDOWS\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP folder moved successfully.
C:\WINDOWS\DEA314C409294250BC9298E4C105F28D.TMP folder moved successfully.
C:\WINDOWS\DUMP494d.tmp moved successfully.
C:\WINDOWS\DUMP66d8.tmp moved successfully.
C:\WINDOWS\DUMP920e.tmp moved successfully.
C:\WINDOWS\E4D153288C89484BB9AAF5BE9EA6D01C.TMP folder moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
c:\windows\Tasks\Adobe Flash Player Updater.job moved successfully.
File\Folder C:\*.tmp not found.
File\Folder C:\WINDOWS\System32\drivers\*.tmp not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
C:\WINDOWS\System32\C2MP folder moved successfully.
File\Folder [13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] not found.
File\Folder [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] not found.
C:\Documents and Settings\Jura\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Documents and Settings\Jura\Data aplikací\111.dat moved successfully.
C:\WINDOWS\sbacknt.bin moved successfully.
C:\WINDOWS\treeskp.sys moved successfully.
C:\WINDOWS\System32\XSIFtk-3.6.2.1.dll moved successfully.
< ipconfig /flushdns /c >
Konfigurace protokolu IP systému Windows
Mezipaměť překládání DNS byla úspěšně vyprázdněna.
C:\Documents and Settings\Jura\Plocha\cmd.bat deleted successfully.
C:\Documents and Settings\Jura\Plocha\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 53524 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 84 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41661 bytes

User: Jura
->Temp folder emptied: 248844 bytes
->Temporary Internet Files folder emptied: 49286 bytes
->Java cache emptied: 45685683 bytes
->FireFox cache emptied: 64277926 bytes
->Google Chrome cache emptied: 9345289 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1224 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: mamka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 68417 bytes
->Java cache emptied: 260428 bytes
->FireFox cache emptied: 152611997 bytes
->Opera cache emptied: 1862976 bytes
->Flash cache emptied: 8379 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: TEMP

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41661 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 262,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Jura
->Flash cache emptied: 0 bytes

User: LocalService

User: mamka
->Flash cache emptied: 0 bytes

User: NetworkService

User: TEMP

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.49.0 log created on 06192012_122937

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Post by jaro3 » 19 Jun 2012 23:17

Paste this with the mouse into the box on VirusTotal:

Code:

C:\WINDOWS\System32\Converter_sysquict.dat


It should find the file on its own.
How does it look now?

The version for 32-bit Windows is this one:
Windows x86 Offline 19.26 MB jre-7-windows-i586.exe
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Post by biggeorge » 19 Jun 2012 23:32



Post by jaro3 » 20 Jun 2012 00:41

Have you tried contacting the Wi-Fi operator?


Post by biggeorge » 20 Jun 2012 15:37

I have a home Wi-Fi router and internet from O2, and my mobile phone connects to that Wi-Fi with no problems at all.

I think that when that malware was being deleted, the registry got damaged or something.


Post by jaro3 » 20 Jun 2012 16:16

Download Farbar Service Scanner
and run it.
Make sure the following are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Click "Scan".
After a while a log (FSS.txt) will appear in the same directory as the tool.
Please copy its entire contents here.

Download Windows Repair
Installer (4.41 MB)
http://majorgeeks.com/downloadget.php?i ... 8eb328614e
Portable (2.02 MB)
http://www.majorgeeks.com/downloadget.p ... 9b142a875e
to your desktop and run it. The program will install.
Go to step 2 and allow it to run the disk check.
Then go to step 3 and allow SFC (click Do It!).


Post by biggeorge » 20 Jun 2012 20:05

Farbar Service Scanner Version: 09-06-2012
Ran by Jura (administrator) on 20-06-2012 at 19:55:31
Running from "C:\Documents and Settings\Jura\Plocha"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc: "%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted".
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "%systemroot%\system32\wuaueng.dll".

cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is OK.
The ImagePath of cryptsvc: "%SystemRoot%\system32\svchost.exe -k NetworkService".
The ServiceDll of cryptsvc service is OK.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2004-08-18 14:00] - [2008-04-14 05:21] - 0125952 ____A (Microsoft Corporation) 8C9A53E285AC5E6704844D0459EC85BE

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-18 14:00] - [2008-04-14 05:21] - 0045568 ____A (Microsoft Corporation) 0634B791684B84F4A331F3D3536FEEF8

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-18 14:00] - [2008-04-14 05:21] - 0329728 ____A (Microsoft Corporation) F58FACA9621D2DB01BD0927D9A0A208E

C:\WINDOWS\system32\netman.dll
[2004-08-18 14:00] - [2008-04-14 05:21] - 0198144 ____A (Microsoft Corporation) 72E1E9E2977BE08BDEEDB6D8FD9D4D40

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-12-10 10:44] - [2008-04-14 05:22] - 0144896 ____A (Microsoft Corporation) E488332126E3B1182D2B8A0C35408EC6

C:\WINDOWS\system32\srsvc.dll
[2008-12-10 10:46] - [2008-04-14 05:22] - 0171008 ____A (Microsoft Corporation) 35B91147124F64AC8081A2EDB9EA4DEE

C:\WINDOWS\system32\Drivers\sr.sys
[2008-12-10 10:46] - [2008-04-14 04:41] - 0073344 ____A (Microsoft Corporation) 94610C8653635E4459316A0050D55CE7

C:\WINDOWS\system32\wscsvc.dll
[2004-08-18 14:00] - [2008-04-14 05:22] - 0080896 ____A (Microsoft Corporation) 4C86D5FAF78194995AF9CC1075F65DD3

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-12-10 10:44] - [2008-04-14 05:22] - 0144896 ____A (Microsoft Corporation) E488332126E3B1182D2B8A0C35408EC6

C:\WINDOWS\system32\wuauserv.dll
[2008-12-10 10:46] - [2008-04-14 05:22] - 0006656 ____A (Microsoft Corporation) C1364564800EE9784192145324A23308

C:\WINDOWS\system32\qmgr.dll
[2008-12-10 10:46] - [2008-04-14 05:21] - 0409088 ____A (Microsoft Corporation) 19395D092FD85DDC2D9C7729CF5A2AC8

C:\WINDOWS\system32\es.dll
[2004-08-18 14:00] - [2008-07-07 22:29] - 0253952 ____A (Microsoft Corporation) A371F11EF07653591C8DE26AFB13CE7F

C:\WINDOWS\system32\cryptsvc.dll
[2004-08-18 14:00] - [2008-04-14 05:21] - 0062464 ____A (Microsoft Corporation) F3AB0933CBD166D271992F411C27CCAF

C:\WINDOWS\system32\svchost.exe
[2004-08-18 14:00] - [2008-04-14 05:22] - 0014336 ____A (Microsoft Corporation) BE4A520E29B6391F49E79CCC52044D93

C:\WINDOWS\system32\rpcss.dll
[2004-08-18 14:00] - [2009-02-09 12:56] - 0401408 ____A (Microsoft Corporation) BE27674D1CBC3214AEC84B4336A38BBF

C:\WINDOWS\system32\services.exe
[2004-08-18 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 9EF697AF07BB8DD82C3B02CA953A95B7



**** End of log ****


Post by jaro3 » 20 Jun 2012 21:50

Run FSS again
and paste this into the box:
ipsec.sys

and click Search Files.
Post the log that comes up here.


Post by biggeorge » 20 Jun 2012 22:03

Farbar Service Scanner Version: 09-06-2012
Ran by Jura (administrator) on 20-06-2012 at 22:01:15
Microsoft Windows XP Home Edition Service Pack 3 (X86)

************************************************
======== Search: "ipsec.sys " =========

C:\WINDOWS\system32\drivers\ipsec.sys
[2004-08-18 14:00] - [2008-04-13 21:19] - 0075264 ____A (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008-04-13 21:19] - [2008-04-13 21:19] - 0075264 ____C (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
[2009-06-04 19:35] - [2004-08-18 14:00] - 0074752 ____C (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

====== End Of Search ======


Post by jaro3 » 20 Jun 2012 22:08

Do the same with:
wscsvc.dll

and then with:
wuauserv.dll

Start---Run and type:
cmd
press Enter

At the blinking cursor, paste:

Code:

netsh int ip reset reset.log
netsh winsock reset catalog
ipconfig /release
ipconfig /renew
ipconfig /flushdns

Press Enter.

Restart the PC.


Post by biggeorge » 21 Jun 2012 11:05

Farbar Service Scanner Version: 09-06-2012
Ran by Jura (administrator) on 21-06-2012 at 11:01:20
Microsoft Windows XP Home Edition Service Pack 3 (X86)

************************************************
======== Search: "wscsvc.dll" =========

C:\WINDOWS\system32\wscsvc.dll
[2004-08-18 14:00] - [2008-04-14 05:22] - 0080896 ____A (Microsoft Corporation) 4C86D5FAF78194995AF9CC1075F65DD3

C:\WINDOWS\ServicePackFiles\i386\wscsvc.dll
[2008-04-14 05:22] - [2008-04-14 05:22] - 0080896 ____C (Microsoft Corporation) 4C86D5FAF78194995AF9CC1075F65DD3

C:\WINDOWS\$NtServicePackUninstall$\wscsvc.dll
[2009-06-04 19:36] - [2004-08-18 14:00] - 0081408 ____C (Microsoft Corporation) 4ADED1ADEF25041D9827F9A79C0FDA13

====== End Of Search ======


Farbar Service Scanner Version: 09-06-2012
Ran by Jura (administrator) on 21-06-2012 at 11:03:02
Microsoft Windows XP Home Edition Service Pack 3 (X86)

************************************************
======== Search: "wuauserv.dll" =========

C:\WINDOWS\system32\wuauserv.dll
[2008-12-10 10:46] - [2008-04-14 05:22] - 0006656 ____A (Microsoft Corporation) C1364564800EE9784192145324A23308

C:\WINDOWS\ServicePackFiles\i386\wuauserv.dll
[2008-04-14 05:22] - [2008-04-14 05:22] - 0006656 ____C (Microsoft Corporation) C1364564800EE9784192145324A23308

C:\WINDOWS\$NtServicePackUninstall$\wuauserv.dll
[2009-06-04 19:36] - [2004-08-18 14:00] - 0006656 ____C (Microsoft Corporation) 21F5169CA14E0B25C757644456F637DF

====== End Of Search ======


Post by jaro3 » 21 Jun 2012 15:44

How does it look after the command line?