[MaitK]

Niih, sain ühe pahalastega masina. F-Secure online viirusetõrje suutis leida 90 nimetust spyware asju ning 76 nimetust viirusi. Eemaldas need ära, ning masin ärkas natuke ellu. Igatahes nüüd hakkas nod32 tööle. Aga tekkis uus probleem. Lükates võrgukaabli külge või proovides wifiga, ei suuda masin andmeid vastu võtta. Mingi hämming on, millele ma ise jälile ei saanud. Ei toimi nett ei Safe mode's kui niisama windowsis.
Miski põhjustab seda, kuid ma ei saa aru mis. Mõistus otsas ning kuul koos. Googeldades sain teada, et võib olla ka mingi viga winsock asjaga. LSP fix ei aidanud.

Hijckthis'i logi praegusest seisust masinas:

Logfile of HijackThis v1.99.1
Scan saved at 8:58:46, on 27.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\Documents and Settings\All Users\Documents\aawservice.exe
C:\Program Files\Eset\nod32kui.exe
C:\DOCUME~1\Ain\LOCALS~1\Temp\winlogon.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Ain\Desktop\1234\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.253:3128
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {318A4761-8240-48F3-83BB-C6E35D17D49D} - C:\Program Files\MSN\mepow83122.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8BBD6579-58FE-4FBC-995A-38F99A556141} - C:\Program Files\MSN\mepow2.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {99509409-1B72-4767-B5BD-1E2601601601} - C:\WINDOWS\system32\d3asvbn.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Ain\LOCALS~1\Temp\winlogon.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\mswsock.dll' missing
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: gpjibdksbrmf - C:\WINDOWS\system32\gpjibdksbrmf.dll
O20 - Winlogon Notify: Hp - Hp (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: instcat - instcat.dll (file missing)
O20 - Winlogon Notify: vaaefinplwks - C:\WINDOWS\system32\vaaefinplwks.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)
O20 - Winlogon Notify: ØŠ`€ - ØŠ`€ (file missing)
O20 - Winlogon Notify: šØ€ - šØ€ (file missing)
O21 - SSODL: antivirus - {1C80A760-C25F-4406-818C-58E13B558703} - firewallav.dll (file missing)
O21 - SSODL: printers - {D6E4A059-D97D-4F2C-BE4D-DA0DCBE63471} - msn.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Documents and Settings\All Users\Documents\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\System32\acs.exe
O23 - Service: FS BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\PROGRAM\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

[Lord Ami]

Fixi:

C:\DOCUME~1\Ain\LOCALS~1\Temp\winlogon.exe (peaks olema windows/system32 kaustas)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8BBD6579-58FE-4FBC-995A-38F99A556141} - C:\Program Files\MSN\mepow2.dll (file missing)
O2 - BHO: (no name) - {99509409-1B72-4767-B5BD-1E2601601601} - C:\WINDOWS\system32\d3asvbn.dll (file missing)
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Ain\LOCALS~1\Temp\winlogon.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\mswsock.dll' missing
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: gpjibdksbrmf - C:\WINDOWS\system32\gpjibdksbrmf.dll (mis see on?)
O20 - Winlogon Notify: Hp - Hp (file missing)
O20 - Winlogon Notify: instcat - instcat.dll (file missing)
O20 - Winlogon Notify: vaaefinplwks - C:\WINDOWS\system32\vaaefinplwks.dll
O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)
O20 - Winlogon Notify: ØŠ`€ - ØŠ`€ (file missing)
O20 - Winlogon Notify: šØ€ - šØ€ (file missing)
O21 - SSODL: antivirus - {1C80A760-C25F-4406-818C-58E13B558703} - firewallav.dll (file missing)
O21 - SSODL: printers - {D6E4A059-D97D-4F2C-BE4D-DA0DCBE63471} - msn.dll (file missing)

Vaata neid, need võiks fixida.Peale seda proovi netti saada.
Samuti proovi seda:
http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml
Veel võid proovida F-Secure BlackLight-iga scannida(rootkitte)
https://europe.f-secure.com/exclude/blacklight/index.shtml

[Märt.]

Hea oleks proovida netti ühenduda Internet Exploreriga ja Firefoxiga. Winsocki jama puhul saab netti Firefox, aga IE mitte.

[MaitK]

Lõpuks sai mul kopp nii ette, et reinstallisin windowsi, see võttis kordades vähem aega, kui ma olin juba kulutanud.
udusiil, kui masin ei ole võimeline isegi mulle mõistlikku IP'd näitama (ala 192.168....), siis pole vahet enam kas firefox või IE


Modedele niipalju, et sooviks teema lukku ja kustutamisele.

[kännuämmelg]

wini installist kindlam ja vaevatum vahend on uue arvuti ost 8)
aga jah. mõned ussid topivad ennast juurikateni sisse, kaevad tunde, päevi ja lõppkokkuvõttes venib ikka kõik nagu tigu või tekitab tõrkeid.
winsocki puhul aitab mõnikord katalog reset, kuid ühe korra sai kaarte vahetatud serviseid maha-peale punnitatud , viiruseid, troojaid jms mudru välja hirmutatud, wini repair-install tehtud ja ikka masin ppoe-ga tööle ei hakanud.. lõppes asi wini uuesti installiga ja sellega, et kodanik, kelle masin oli, jäigi arvamusele, et diletant teeb wini uut installi terve päev

[MaitK]

Eks see ole jah nii, algul saab ikka kõigepealt hea ja halvaga proovitud, ning viimane variant on alles reinstall. Kuigi kui hakata ajaliselt vaatama, siis oleks kasulikum korraga teha reinstall. Kuid eks teadmistehimu ning enese proovilepanek on ka faktorid, miks pusid tükk aega selliste probleemide kallal