Big problems with XP!
scorni
Newbie
23 March 2009 @ 10:49
One day Antivir just started complaining that trojans had been found in the file wowfx.dll. So I quickly scanned with Malwarebytes' Anti-Malware and removed everything infected.
Then I rebooted and Windows no longer started the way it should. After the WELCOME text comes that DATA EXECUTION PREVENTION error and just the desktop background.
I got in through Safe Mode and was about to turn DEP off. But when I went to Control Panel/System/, I get 'Windows cannot find C:\Windows\system32\rundll32.exe'. So there is no way to get the machine working now.
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:29, on 23.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=c:\windows\explorer.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows System Update] C:\WINDOWS\TEMP\CSRSS.EXE
O4 - HKLM\..\Run: [Language_Shortcut] C:\WINDOWS\TEMP\IEXPLORE.EXE
O4 - HKLM\..\Run: [SYSTRAY_UPDATE] C:\WINDOWS\TEMP\systray.exe
O4 - HKLM\..\Run: [RUNDLL32] C:\WINDOWS\TEMP\rundll32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Shortcut to Core Temp.lnk = C:\Program Files\CoreTemp\Core Temp.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe (file missing)
--
End of file - 7135 bytes
Whoever knows how, please help.
Thanks!
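The log above contains four Run entries that launch from C:\WINDOWS\TEMP under the names of core Windows processes (CSRSS.EXE, IEXPLORE.EXE, rundll32.exe) and a "Task Scheduler" service whose binary is supposed to be a services.exe in the drivers directory and is missing. Those are the indicators a log reader looks for first. The following is an added example by the editor, not code from this thread or from HijackThis, that runs exactly those checks over lines copied from the log; the indicator list is the editor's own, and it assumes Windows is installed on C:.

```python
"""Heuristic triage of HijackThis O4 (autostart) and O23 (service) lines.

Added example by the editor, not code from the original thread or from
HijackThis. Sample lines are copied from the log above; the indicators are
the editor's own and assume the system drive is C:.
"""
import re

# Core Windows process names that malware likes to borrow. A file with one of
# these names living anywhere but C:\WINDOWS or C:\WINDOWS\system32 is suspect.
SYSTEM_PROCESS_NAMES = {
    "csrss.exe", "smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "rundll32.exe", "explorer.exe", "iexplore.exe", "ctfmon.exe",
}
LEGIT_DIRS = {"c:\\windows", "c:\\windows\\system32"}   # assumption: system drive is C:
TEMP_MARKERS = ("\\windows\\temp\\", "\\local settings\\temp\\", "\\temp\\")

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")


def extract_path(cmd):
    """Return the executable from an O4 command; for 'RUNDLL32.EXE <dll>,<entry>' return the DLL."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # "C:\Program Files\x.exe" /min
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split(None, 1)
    if not parts:
        return ""
    if parts[0].lower() == "rundll32.exe" and len(parts) > 1:
        return parts[1].split(",")[0].strip()    # the DLL rundll32 is asked to load
    return parts[0]


def triage_o4(line):
    """Findings for one O4 line: runs from a temp directory, or masquerades as a system process."""
    m = O4_RE.match(line)
    if not m:
        return []
    path = extract_path(m.group("cmd")).lower()
    findings = []
    if any(marker in path for marker in TEMP_MARKERS):
        findings.append("autostart from a temp directory")
    if "\\" in path:                             # only judge location when a directory is given
        directory, base = path.rsplit("\\", 1)
        if base in SYSTEM_PROCESS_NAMES and directory not in LEGIT_DIRS:
            findings.append("system process name outside the Windows directory")
    return findings


def triage_o23(line):
    """O23 lines read 'O23 - Service: <desc> - <vendor> - <path> [(file missing)]'.

    Split from the right: the description itself often contains ' - '. A path
    containing ' - ' would still confuse this; none does in the log above.
    """
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return []
    parts = line[len(prefix):].rsplit(" - ", 2)
    if len(parts) != 3:
        return []
    _desc, _vendor, tail = parts
    path = tail.lower()
    findings = []
    if path.endswith("(file missing)"):
        findings.append("service binary missing")
        path = path[: -len("(file missing)")].strip()
    if "\\system32\\drivers\\" in path and path.endswith(".exe"):
        findings.append("service .exe placed in the drivers directory")
    return findings


def triage(lines):
    """Return [(line, findings)] for every line that trips at least one indicator."""
    out = []
    for line in lines:
        findings = triage_o4(line) + triage_o23(line)
        if findings:
            out.append((line, findings))
    return out


# Copied from the HijackThis log posted above; clean entries included for contrast.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r"O4 - HKLM\..\Run: [Windows System Update] C:\WINDOWS\TEMP\CSRSS.EXE",
    r"O4 - HKLM\..\Run: [Language_Shortcut] C:\WINDOWS\TEMP\IEXPLORE.EXE",
    r"O4 - HKLM\..\Run: [SYSTRAY_UPDATE] C:\WINDOWS\TEMP\systray.exe",
    r"O4 - HKLM\..\Run: [RUNDLL32] C:\WINDOWS\TEMP\rundll32.exe",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')",
    r"O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe",
    r"O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe",
    r"O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe (file missing)",
]

if __name__ == "__main__":
    for line, findings in triage(SAMPLE_LINES):
        print(line)
        for f in findings:
            print("   ->", f)
```

Run against the sample, five of the ten lines are reported: the four TEMP entries and the phantom Task Scheduler service, while the NvCpl rundll32 entry, the SYSTEM-hive ctfmon entry and the PunkBuster services pass. The checks are deliberately narrow; an entry with an unknown vendor in system32 (such as PnkBstrA) is not flagged because it is common and legitimate, and the log reader still has to look at everything the script stays quiet about.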
BforeDusk
AfterDawn Addict
23 March 2009 @ 19:47
Even though it sounds bad, the fastest and least painful way is to reinstall everything.
If there is nothing important on the C: drive, do a full format of C: from the XP install CD first. Or format c: from a boot floppy.
If there is something important, then from a Live Linux CD delete the c:\windows folder and everything in the root of c:\. And move the contents of Documents and Settings and Program Files into an 'old-stuff' folder. If space is tight, just move the files from under those.
Then, once XP is installed and the antivirus is in order, scan that 'old-stuff' folder and clean out the remaining nasties. Or scan the whole machine.
You can wait for someone who can explain how to clean the infection properly.
'Windows cannot find *****'
Recovery Console, booting from the XP CD, and (here e: is the drive letter of the CD/DVD drive; change it to match your own machine)
expand e:\i386\rundll32.ex_ c:\windows\system32\rundll32.exe
That copies the missing or corrupted file to where it is missing from.
The i386 folder on the CD has all of Windows' files with the last character replaced by _, so it is easy to work out what the compressed name is on the CD.
Buy crap, get 2 months thrown in.
- Zz Topelius -
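The i386 naming rule and the expand command from the reply above, carried through as an added example by the editor (not the poster's code): the function maps a file name to its compressed name, including the two cases the rule as stated leaves out (extensions shorter than three characters and names without an extension), and builds the Recovery Console line. The drive letters, the Windows path and the cabinet names (driver.cab, sp3.cab, sp2.cab) are assumptions.

```python
"""Compressed i386 name of a Windows XP file and the Recovery Console
command that restores it, as in the reply above.

Added example by the editor, not the poster's own code. Setup stores most
files MS-Compressed under i386: the last character of a three-letter
extension becomes "_" (rundll32.exe -> rundll32.ex_), a shorter extension
gets "_" appended, and a name without an extension gets "._".
Assumptions: the CD is E:, Windows is in C:\WINDOWS, and a file that is not
present as a loose compressed file is inside one of FALLBACK_CABS.
"""

CD_DRIVE = "e:"                                        # assumption: your CD/DVD drive letter
WINDIR = r"c:\windows"                                 # assumption
FALLBACK_CABS = ("driver.cab", "sp3.cab", "sp2.cab")   # assumption: cabs present on the CD


def compressed_name(filename):
    """Map a file name to the name it has in the i386 folder."""
    stem, dot, ext = filename.rpartition(".")
    if not dot:                       # no extension: README -> README._
        return filename + "._"
    if len(ext) >= 3:                 # rundll32.exe -> rundll32.ex_
        return f"{stem}.{ext[:-1]}_"
    return f"{stem}.{ext}_"           # x.h -> x.h_


def _dest_dir(subdir):
    return WINDIR if subdir is None else f"{WINDIR}\\{subdir}"


def expand_command(filename, subdir="system32"):
    """Recovery Console line for a loose compressed file: expand <source> <destination>."""
    return f"expand {CD_DRIVE}\\i386\\{compressed_name(filename)} {_dest_dir(subdir)}\\{filename}"


def cab_listing_commands(filename):
    """Recovery Console lines that only list whether a cabinet contains the file (/D = display)."""
    return [f"expand {CD_DRIVE}\\i386\\{cab} /F:{filename} /D" for cab in FALLBACK_CABS]


def cab_commands(filename, subdir="system32"):
    """Fallbacks when the loose file is absent: extract it from each candidate cabinet."""
    return [f"expand {CD_DRIVE}\\i386\\{cab} /F:{filename} {_dest_dir(subdir)}" for cab in FALLBACK_CABS]


if __name__ == "__main__":
    print(expand_command("rundll32.exe"))
    print(expand_command("explorer.exe", subdir=None))   # explorer.exe lives in C:\WINDOWS itself
    for cmd in cab_listing_commands("rundll32.exe") + cab_commands("rundll32.exe"):
        print(cmd)
```

The Recovery Console's expand takes /F: and /D; the expand.exe you run from a normal command prompt spells the same switches -F: and -D. Expand asks before overwriting an existing file unless /y is given. Doing this from the Recovery Console, as the reply says, matters for more than convenience: a file restored while the infection is still running can simply be replaced again.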
Senior Member
9 product reviews
24 March 2009 @ 11:35
well, whoa.. that HJT log is quite a mess, how do you fit that much stuff in there :P
try this:
RUN>MSCONFIG
select
SELECTIVE STARTUP
uncheck every item
SERVICES tab
all off
STARTUP tab
all off
REBOOT
If it boots, remove all the unnecessary programs
get, for example, the Comodo Internet Security package + BOClean and clean the machine thoroughly.
next, clean the registry. CCleaner is a capable program for this. scan and remove the errors (remember to make a backup), scan again and remove the errors, etc. until everything is fixed.
Check the SYSTEM folder for suspicious files.
next, you can set the needed services and programs to start again from msconfig.
Reboot and post an HJT log here.
SF-2000 || Corsair CX 750M || SaberTooth 990FX R2 || AMD FX-8350@4.75Ghz/1,43V || Asus R9 290 DirectCU II || 16GB Team Group 2400Mhz DDR3 || Blackice 360 GTX || NeXXos ST30 || Swiftech Mcp655 || EK Supermacy || ClearFlex tubing || Deathadder 4G/Destructor 2/Steelseries 6Gv2 || Sennheiser PC350 || 22" 2ms LCD Iiyama Prolite B2206WS || ASUS Xonar DX || Win7 Ultimate N
http://www.speedtest.net/result/2401459507.png
This post has been edited after posting. Last edited 24 March 2009 @ 11:36
scorni
Newbie
27 March 2009 @ 07:08
I did that, but nothing seemed to help. I also took a fresh rundll32.exe from the CD. After that I ended up running ComboFix on the machine. Since then the machine at least boots normally.
Here is the ComboFix log and the HJT log
ComboFix 09-03-25.04 - Aaro 2009-03-26 20:51:32.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1759 [GMT 2:00]
Running from: c:\documents and settings\Aaro\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\1.bat
F:\Autorun.inf
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\qoobox\Quarantine\C\WINDOWS\explorer.exe.vir
.
(((((   Files Created from 2009-02-26 to 2009-03-26   )))))))))))))))))
.
2009-03-26 20:51 . 2009-03-26 20:51 180,224 --a------ c:\windows\system32\javaws.dll
2009-03-26 20:12 . 2004-08-04 00:56 33,280 --a------ c:\windows\system32\rundll32.exe
2009-03-26 19:56 . 2009-03-26 19:56 180,224 --a------ c:\windows\system32\nvudisp.dll
2009-03-26 19:56 . 2009-03-26 19:56 131,072 --a------ c:\windows\system32\test52.exe
2009-03-22 21:30 . 2009-03-22 21:30 <DIR> d-------- c:\program files\Trend Micro
2009-03-22 16:37 . 2009-03-22 16:37 180,224 --a------ c:\windows\system32\ntbackup.dll
2009-03-21 16:48 . 2009-03-26 19:56 1,136,132 --a--c--- c:\windows\system32\dllcache\explorer.exe
2009-03-12 23:15 . 2009-03-12 23:15 <DIR> d-------- c:\windows\Sun
2009-03-11 18:51 . 2009-03-11 18:51 <DIR> d-------- c:\program files\Java
2009-03-11 18:51 . 2009-03-11 18:51 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-11 18:51 . 2009-03-11 18:51 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-11 15:39 . 2006-07-17 23:47 659,456 --a------ c:\windows\system32\snapapi32.dll
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 14:37 361,600 ----a-w c:\windows\system32\drivers\TCPIP.SYS
2009-03-18 22:44 --------- d-----w c:\program files\BitComet
2009-03-17 06:53 138,584 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-16 22:58 --------- d-----w c:\documents and settings\Aaro\Application Data\NoNameScript
2009-03-16 20:14 --------- d---a-w c:\program files\mIRC
2009-03-15 18:52 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-11 23:55 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-20 17:23 --------- d-----w c:\program files\CasinoEuro
2009-02-17 10:22 --------- d-----w c:\program files\OpenAL
2009-02-17 10:22 --------- d-----w c:\documents and settings\All Users\Application Data\Eidos
2009-02-17 08:07 --------- d-----w c:\program files\mp3DirectCut
2009-02-14 16:34 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-14 16:34 --------- d-----w c:\documents and settings\All Users\Application Data\Fallout3
2009-02-14 16:33 --------- d-----w c:\program files\MSBuild
2009-02-14 16:30 --------- d-----w c:\program files\Reference Assemblies
2009-02-14 16:12 22,328 ----a-w c:\documents and settings\Aaro\Application Data\PnkBstrK.sys
2009-02-14 15:40 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-11 18:01 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-11 18:01 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-11 18:00 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2009-02-11 17:59 --------- d-----w c:\program files\Nokia
2009-02-11 17:58 --------- d-----w c:\program files\Common Files\Nokia
2009-02-11 17:58 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-02-11 17:57 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-11 17:57 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-02-11 08:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 08:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-09 19:46 --------- d-----w c:\program files\Steam
2009-02-09 16:20 --------- d-----w c:\documents and settings\Aaro\Application Data\AdobeUM
2009-02-09 06:34 --------- d-----w c:\program files\Microsoft Works
2009-02-08 18:01 --------- d-----w c:\documents and settings\Aaro\Application Data\Apple Computer
2009-02-08 17:57 --------- d-----w c:\program files\QuickTime
2009-02-08 17:57 --------- d-----w c:\program files\Apple Software Update
2009-02-08 17:57 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-08 17:57 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-02-04 18:01 --------- d-----w c:\documents and settings\Aaro\Application Data\uTorrent
2009-02-04 07:25 --------- d-----w c:\program files\MSXML 4.0
2009-02-03 11:58 --------- d-----w c:\documents and settings\Aaro\Application Data\Locktime
2009-02-03 11:57 --------- d-----w c:\documents and settings\All Users\Application Data\Locktime
2009-02-03 11:50 --------- d-----w c:\program files\Logitech
2009-02-03 11:50 --------- d-----w c:\documents and settings\All Users\Application Data\MediaLife
2009-02-03 11:49 --------- d-----w c:\documents and settings\Aaro\Application Data\MediaLife
2009-02-03 11:34 --------- d-----w c:\documents and settings\Aaro\Application Data\Logitech
2009-02-03 11:31 --------- d-----w c:\program files\Common Files\Logitech
2009-02-03 11:08 --------- d-----w c:\program files\CyberLink DVD Solution
2009-02-02 21:51 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-02-02 21:51 --------- d-----w c:\documents and settings\Aaro\Application Data\CyberLink
2009-02-02 15:44 --------- d-----w c:\program files\Common Files\LightScribe
2009-02-02 15:43 --------- d-----w c:\program files\CyberLink
2009-02-02 15:43 --------- d-----w c:\program files\Common Files\Ahead
2009-02-02 15:43 --------- d-----w c:\program files\Ahead
2009-02-02 15:30 --------- d-----w c:\documents and settings\Aaro\Application Data\Ventrilo
2009-01-27 20:49 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-27 20:45 --------- d-----w c:\program files\Common Files\Adobe
2009-01-27 20:45 --------- d-----w c:\program files\Bonjour
2009-01-27 20:40 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-27 19:29 --------- d-----w c:\program files\VentriloMIX
2009-01-27 18:17 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
2009-01-27 17:32 --------- d-----w c:\program files\Ipswitch
2009-01-27 17:32 --------- d-----w c:\documents and settings\Aaro\Application Data\Ipswitch
2009-01-27 17:12 --------- d-----w c:\program files\Last.fm
2009-01-27 17:12 --------- d-----w c:\documents and settings\All Users\Application Data\Last.fm
2009-01-27 12:43 --------- d-----w c:\program files\Windows Live
2009-01-27 12:43 --------- d-----w c:\program files\Microsoft
2009-01-27 12:42 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-27 12:39 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-26 20:10 361,600 ----a-w c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-01-23 18:15 60,416 ----a-w c:\windows\ALCFDRTM.EXE
2004-10-01 13:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
.
------- Sigcheck -------
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2004-08-04 14:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\TCPIP.SYS
2009-02-03 13:00 361600 cd00787894008369f56153b91fc28847 c:\windows\system32\dllcache\TCPIP.SYS
2009-03-22 16:37 361600 ebe577dbd6eea7792471cb1cb9598ec1 c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-11 148888]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Aaro\Start Menu\Programs\Startup\
Shortcut to Core Temp.lnk - c:\program files\CoreTemp\Core Temp.exe [2009-01-23 198144]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-01-23 3581680]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-02-03 450560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-01-23 20:50 210168 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, snapapi32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Media\\Games\\Left 4 Dead\\left4dead.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Media\\Games\\Half Life 2\\hl2-steam -console.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Media\\Games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Media\\Games\\Burnout Paradise\\BurnoutLauncher.exe"=
"c:\\Media\\Games\\Burnout Paradise\\BurnoutConfigTool.exe"=
"c:\\Media\\Games\\Burnout Paradise\\BurnoutParadise.exe"=
"c:\\Media\\Games\\Call of Duty 5 - World at War\\CoDWaW.exe"=
"c:\\Media\\Games\\Call of Duty 5 - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Media\\Games\\Q2\\aq2.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\WINDOWS\\system32\\nvsvc32.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23277:TCP"= 23277:TCP:BitComet 23277 TCP
"23277:UDP"= 23277:UDP:BitComet 23277 UDP
"4719:TCP"= 4719:TCP:4719
"22059:TCP"= 22059:TCP:BitComet 22059 TCP
"22059:UDP"= 22059:UDP:BitComet 22059 UDP
R3 ALSysIO;ALSysIO;\??\c:\docume~1\Aaro\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Aaro\LOCALS~1\Temp\ALSysIO.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-02-11 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-02-11 8320]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59590acf-e974-11dd-9fe3-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe root.ini
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dadf8d2c-00d2-11de-b5cb-00508d97e863}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Aaro\Application Data\Mozilla\Firefox\Profiles\nidsrchw.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.fi
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-26 20:59:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(684)
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-03-26 21:02:04 - machine was rebooted [Aaro]
ComboFix-quarantined-files.txt 2009-03-26 19:02:01
Pre-Run: 222 755 491 840 bytes free
Post-Run: 223,167,680,512 bytes free
233 --- E O F --- 2009-03-14 21:33:55
----------------------------------------------------------
and
HJT LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06:15, on 26.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\CoreTemp\Core Temp.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Shortcut to Core Temp.lnk = C:\Program Files\CoreTemp\Core Temp.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/oc...PID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 7615 bytes
How does it look?
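The Sigcheck section of the ComboFix log above lists nine copies of tcpip.sys with their MD5s. The copy the system actually loads (system32\drivers) and the Windows File Protection cache copy (system32\dllcache) each carry a hash that matches none of the copies Microsoft shipped in the service pack and hotfix folders, which is the pattern left when both the live file and its WFP cache copy have been replaced so that WFP does not put the original back. The following is an added example by the editor, not ComboFix code or the poster's, that parses such a section and makes that comparison. The sample lines are copied from the log plus one constructed clean driver (fake name, MD5 of the empty string) for contrast; the folder layout assumed is the XP one on C:.

```python
"""Compare the copies of a protected file listed in a ComboFix Sigcheck section.

Added example by the editor, not ComboFix code and not the poster's. Tiers
(assumed XP layout on C:): the copy under system32 is what Windows loads,
system32\dllcache is the Windows File Protection cache, and everything under
ServicePackFiles, $hf_mig$, $NtUninstall* and $NtServicePackUninstall$ is a
copy Microsoft shipped.
"""
import re
from collections import defaultdict

# "<date> <time> <size> <md5> <path>"
SIG_RE = re.compile(r"^(\S+ \S+) (\d+) ([0-9a-f]{32}) (.+)$")


def parse_sigcheck(lines):
    """Turn Sigcheck lines into dicts; lines that do not fit the format are skipped."""
    rows = []
    for line in lines:
        m = SIG_RE.match(line.strip())
        if m:
            rows.append({"when": m.group(1), "size": int(m.group(2)),
                         "md5": m.group(3), "path": m.group(4).lower()})
    return rows


def tier(path):
    """'cache' for the WFP dllcache copy, 'live' for the loaded copy, 'shipped' otherwise."""
    if "\\dllcache\\" in path:
        return "cache"
    if path.startswith("c:\\windows\\system32\\"):      # assumption: system drive is C:
        return "live"
    return "shipped"


def compare(rows):
    """For every live copy, report whether it and the WFP cache match any shipped copy."""
    by_name = defaultdict(list)
    for r in rows:
        by_name[r["path"].rsplit("\\", 1)[-1]].append(r)
    report = {}
    for copies in by_name.values():
        shipped = {c["md5"] for c in copies if tier(c["path"]) == "shipped"}
        cache = {c["md5"] for c in copies if tier(c["path"]) == "cache"}
        for c in copies:
            if tier(c["path"]) != "live":
                continue
            report[c["path"]] = {
                "md5": c["md5"],
                "live_matches_shipped": c["md5"] in shipped,
                "cache_matches_shipped": bool(cache & shipped),
                "live_matches_cache": c["md5"] in cache,
                "shipped_versions": len(shipped),
            }
    return report


def verdict(entry):
    """One-line reading of a compare() entry."""
    if entry["live_matches_shipped"]:
        return "matches a Microsoft-shipped copy"
    if entry["cache_matches_shipped"]:
        return "modified; the WFP cache copy is still original, so WFP can restore it"
    return "modified, and the WFP cache copy is modified too: verify against known-good media"


SAMPLE_SIGCHECK = [
    # copied from the ComboFix log above
    r"2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys",
    r"2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys",
    r"2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys",
    r"2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys",
    r"2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys",
    r"2004-08-04 14:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB951748_0$\tcpip.sys",
    r"2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\TCPIP.SYS",
    r"2009-02-03 13:00 361600 cd00787894008369f56153b91fc28847 c:\windows\system32\dllcache\TCPIP.SYS",
    r"2009-03-22 16:37 361600 ebe577dbd6eea7792471cb1cb9598ec1 c:\windows\system32\drivers\TCPIP.SYS",
    # constructed clean control: fake driver name, MD5 of the empty string in all three tiers
    r"2008-04-13 21:20 4096 d41d8cd98f00b204e9800998ecf8427e c:\windows\ServicePackFiles\i386\EXAMPLE.SYS",
    r"2008-04-13 21:20 4096 d41d8cd98f00b204e9800998ecf8427e c:\windows\system32\dllcache\EXAMPLE.SYS",
    r"2008-04-13 21:20 4096 d41d8cd98f00b204e9800998ecf8427e c:\windows\system32\drivers\EXAMPLE.SYS",
]

if __name__ == "__main__":
    for path, entry in compare(parse_sigcheck(SAMPLE_SIGCHECK)).items():
        print(f"{path}: {entry['md5']} -> {verdict(entry)}")
```

A mismatch is a lead, not a verdict. A deliberately patched driver leaves exactly the same picture, and the Find3M section above lists a TCPIP.SYS.ORIGINAL beside the driver, which is consistent with a manual patch rather than malware. The next step is to compare the live file with a known-good copy (ServicePackFiles or the installation CD) and, if it differs and the change was not intended, replace it from there rather than delete it.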
BforeDusk
AfterDawn Addict
27 March 2009 @ 11:27
Back up everything important, now that the machine at least works somehow. (Even if the copies are infected)
Put game saves etc. somewhere safe, so after the reinstall you can continue from where you left off..
Such an absurdly long post; since I'm not familiar with those things, I have no interest in starting to google and work out whether something is possibly malware or belongs to program X, which you may have.
Wipe the machine and reinstall everything. The malware is guaranteed to go. And Windows ends up in much better shape at the same time. It cripples itself over time anyway.
And if you have been installing and uninstalling things, the leftovers go too.
As do old driver remnants, if you have been updating or swapping hardware.
Someone may be able to give you an answer, if you really have the urge to patch that back into working order.
Buy crap, get 2 months thrown in.
- Zz Topelius -
Moderator
14 product reviews
27 March 2009 @ 12:53
Moved here for log checking; will be moved back if needed.
Phenom X4 955BE | HD 5770 | 4GB DDR3 || #afterdawn.com @ QuakeNet