zulo, posted 3 February 2008
This seems to happen completely at random, but suddenly Firefox will not load web pages. It happens at random after the machine has been on for a while; it just says "stopped" down in the Firefox status bar. If I try to open the same internet address in Internet Explorer, that doesn't work either; it seems as if something in Windows XP hangs so that web pages can't be loaded :o I have tried closing Firefox processes, and that works sometimes and sometimes not. I don't understand what this could be; I almost think it must be a lower-level problem, something with the network card? The motherboard is an Asus P5K Deluxe; I can't remember having this problem before I changed the motherboard, very strange. When it happens, everything else on the network works; it is only opening web pages that "stops". Has anyone experienced the same?
Stigma, posted 3 February 2008
Well, the first thing you need to check is whether you still have contact with the internet. First try pinging www.vg.no and then, if needed, the IP 193.69.165.21 (also VG) to see whether it is a DNS problem. If both of these work, it is a somewhat more complex problem. Do you perhaps have some firewall/internet security package running? -Stigma
deep750, posted 3 February 2008
Although you haven't mentioned it, are you running torrent downloads/uploads when this happens? If so, stop them and try opening web pages again after a few seconds.
zulo (author), posted 3 February 2008
I don't have any torrent download running. All other use of the internet works, e.g. games. I have a 20mbit/1.5mbit line from Dataguard. I will try to keep track of which pages I have open when this suddenly occurs, in case it has something to do with a plugin.
snippsat, posted 3 February 2008
Download, post the log. http://www.trendsecure.com/portal/en-US/to...ckthis/download
zulo (author), posted 3 February 2008
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53:24, on 03.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
snippsat, posted 3 February 2008 (edited)
The log looks fine. Start HJT, check these, then fix.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Is this line something you recognize? You can try fixing it. Make sure ProxyServer is not running in Firefox or iexplore.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 207.44.238.95:80
You have Kerio Personal Firewall; it can cause the problem you describe. Disable it and see if that helps.
Run a pass with this one. Disable antivirus/firewall. Download Combofix, put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt
Edited 3 February 2008 by SNIPPSAT
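The checks applied to the HijackThis log in the post above (entries whose target file is gone, a configured system proxy, an ActiveX download source) can be written as a small filter. This is an added example, not part of the thread and not HijackThis code; the function names and finding labels are assumptions, and the sample lines are HijackThis entries from this thread. It also handles logs that lost their line breaks when pasted.

```python
import re

# Sample input: entries in HijackThis 2.x log format, taken from this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webtv.tv2.no/webtv/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 207.44.238.95:80
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
-- End of file
"""

# Section ids are a letter plus a number (R0-R3, F0-F3, N1-N4, O1-O24).
MARKER = r"(?:[RFN]\d|O\d{1,2}) - "
ENTRY = re.compile(r"^(?P<section>[RFN]\d|O\d{1,2}) - (?P<body>.+)$")
PROXY = re.compile(r",ProxyServer = (?P<value>\S+)$")


def parse_entries(text):
    """Return (section, body) pairs, also for logs flattened onto one line."""
    text = text.split("-- End of file")[0]
    # Put every section marker at the start of its own line again.
    text = re.sub(r"\s+(?=" + MARKER + ")", "\n", text)
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def triage(text):
    """Return (section, label, detail) for entries worth a manual look."""
    findings = []
    for section, body in parse_entries(text):
        proxy = PROXY.search(body)
        if section == "R1" and proxy:
            # All WinINet traffic is sent through this host:port.
            findings.append((section, "proxy-configured", proxy.group("value")))
        elif body.endswith(("(no file)", "(file missing)")):
            # Registry entry survives, but the file it points to does not.
            findings.append((section, "target-missing", body))
        elif section == "O16":
            # ActiveX control and the URL it was downloaded from.
            url = body.rsplit(" - ", 1)[-1]
            findings.append((section, "activex-download-source", url))
    return findings


if __name__ == "__main__":
    for section, label, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {label:24} {detail}")
```
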
zulo (author), posted 6 February 2008
ComboFix 08-02.05.3 - bergsprekken 2008-01-09 19:42:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1541 [GMT 1:00]
Running from: C:\Documents and Settings\bergsprekken\Desktop\ComboFix.exe
snippsat, posted 6 February 2008 (edited)
How is the problem going now? Does disabling the firewall help at all? Are you running sharing software such as uTorrent in the background when this happens? Do not run that.
2008-01-12 22:52 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
Here it looks like TCPIP.SYS has been updated. Did the problems start around this time?
Winsockfix is something you can try. http://www.softpedia.com/get/Tweak/Network...inSockFix.shtml
Edited 6 February 2008 by SNIPPSAT
zulo (author), posted 6 February 2008
I remember that I modded or changed tcpip.sys a while ago because it was supposed to give better torrent performance, but the problems were there long before that. It has not happened again yet; it is unpredictable when it happens, except that 5 out of 10 times it has happened when I open www.nettby.no, but I don't think that matters unless some Flash content gets started right then and it is buggy..
snippsat, posted 6 February 2008 (edited)
Open Notepad and copy in what is in bold below, save the file on the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again.
File::
C:\DOCUME~1\BERGSP~1\LOCALS~1\Temp\jgameenp.sys
Driver::
jgameenp
The file jgameenp.sys is a file with backdoor functionality (incl. a rootkit).
Download and run CCleaner.
You will see whether the problem is gone now. Winsockfix and new software for the router ("if you go through a router") if the problem comes back.
Edited 6 February 2008 by SNIPPSAT