
Suddenly it is not possible to load web pages



This seems to happen completely at random, but suddenly Firefox won't load web pages. It happens completely at random after the machine has been on for a while; it just says "stopped" down in the Firefox status bar. If I try to open the same internet address in Internet Explorer, that doesn't work either; it seems like something in Windows XP hangs so that it isn't possible to load web pages :o I have tried closing Firefox processes, and that works sometimes and sometimes not. I don't understand what this could be; I almost think it must be a lower-level problem, something with the network card? The motherboard is an ASUS P5K Deluxe; I can't remember having this problem before I changed motherboard, very strange. When it happens, everything else on the network works; it is only the opening of web pages that "stops".

 

Has anyone experienced the same?

Link to comment

Well, the first thing you need to check is whether you still have contact with the internet. First try pinging www.vg.no and then, if needed, the IP 193.69.165.21 (also VG) to see whether it is a DNS problem.

 

If both of these work, it is a somewhat more complex problem. Do you perhaps have a firewall/internet security package running?

 

-Stigma

Link to comment

I don't have any torrent download running. All other internet use works, e.g. games. I have a 20mbit/1.5mbit line from Dataguard.

 

I'll try to keep track of which pages I have open when this suddenly occurs, in case it has something to do with a plugin.

Link to comment

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:53:24, on 03.02.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

C:\Program Files\VMware\VMware Workstation\hqtray.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe

C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webtv.tv2.no/webtv/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 207.44.238.95:80

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\\Steam.exe -silent

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')

O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe

O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.cdon.com

O15 - Trusted Zone: *.cdon.no

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

 

--

End of file - 8865 bytes

Link to comment

The log looks fine.

Start HJT, check these, then fix them.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

 

Is this line something you recognize?

You can try fixing it.

Make sure that ProxyServer is not running in Firefox or Internet Explorer.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 207.44.238.95:80

 

You have Kerio Personal Firewall; this can cause the problem you describe.

Disable it and see if that helps.

 

Run a round with this.

Disable antivirus/firewall.

Download Combofix and put it on the desktop.

Do not click on the window while the program is running.

Post the log C:\combofix.txt

Edited by SNIPPSAT
Link to comment

ComboFix 08-02.05.3 - bergsprekken 2008-01-09 19:42:40.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1541 [GMT 1:00]

Running from: C:\Documents and Settings\bergsprekken\Desktop\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

 

----- BITS: Possible infected sites -----

 

hxxp://www.download.windowsupdate.com

 

.

((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))

.

 

2008-02-05 00:48 . 2008-02-05 00:55 <DIR> d-------- C:\nethack

2008-02-03 17:47 . 2008-02-03 17:47 <DIR> d-------- C:\Program Files\Trend Micro

2008-02-03 17:47 . 2008-02-03 17:47 812,344 --a------ C:\HJTInstall.exe

2008-02-01 18:30 . 2008-02-01 18:30 244 --ah----- C:\sqmnoopt01.sqm

2008-02-01 18:30 . 2008-02-01 18:30 232 --ah----- C:\sqmdata01.sqm

2008-01-30 18:52 . 2008-02-01 22:21 <DIR> d-------- C:\Program Files\Mount&Blade

2008-01-28 18:33 . 2008-01-28 18:39 <DIR> d-------- C:\WINDOWS\system32\oodag

2008-01-28 18:24 . 2008-01-28 18:24 0 --a------ C:\WINDOWS\oodcnt.INI

2008-01-28 16:10 . 2008-01-28 16:10 <DIR> d-------- C:\Program Files\Intel Corporation

2008-01-27 19:59 . 2008-01-27 19:59 <DIR> d-------- C:\Program Files\Simpli Software

2008-01-27 01:54 . 2008-01-27 01:54 <DIR> d-------- C:\hjsplit

2008-01-24 23:56 . 2008-01-24 15:32 <DIR> d-------- C:\__MACOSX

2008-01-15 00:28 . 2008-01-15 00:28 <DIR> d-------- C:\CERTS

2008-01-15 00:28 . 2007-05-24 09:53 319,456 --a------ C:\DIFxAPI.dll

2008-01-15 00:28 . 2007-05-24 09:53 240,128 --a------ C:\royal.sys

2008-01-15 00:28 . 2007-05-24 09:53 167,936 --a------ C:\OEMTool.exe

2008-01-15 00:28 . 2007-05-24 09:53 1,406 --a------ C:\royal.inf

2008-01-14 23:46 . 2008-01-16 07:18 <DIR> d--hs---- C:\Boot

2008-01-14 23:46 . 2008-01-16 06:48 443,912 -rahs---- C:\bootmgr

2008-01-14 23:46 . 2008-01-15 08:56 8,192 -ra-s---- C:\BOOTSECT.BAK

2008-01-14 23:02 . 2008-01-14 23:02 <DIR> d-------- C:\Program Files\Symantec

2008-01-14 22:59 . 2008-01-14 22:59 <DIR> d-------- C:\Program Files\MagicDisc

2008-01-14 22:59 . 2007-09-05 01:46 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys

2008-01-14 21:22 . 2008-01-14 21:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Acronis

2008-01-14 21:17 . 2008-01-14 21:17 <DIR> d-------- C:\Program Files\Common Files\Acronis

2008-01-14 21:17 . 2008-01-14 21:17 <DIR> d-------- C:\Program Files\Acronis

2008-01-14 21:17 . 2008-01-14 21:17 395,744 --a------ C:\WINDOWS\system32\drivers\timntr.sys

2008-01-14 21:17 . 2008-01-14 21:17 114,048 --a------ C:\WINDOWS\system32\drivers\snapman.sys

2008-01-14 21:17 . 2008-01-14 21:17 39,712 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys

2008-01-13 21:48 . 2008-01-13 21:48 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe

2008-01-13 21:48 . 2008-01-13 21:48 22,328 --a------ C:\Documents and Settings\bergsprekken\Application Data\PnkBstrK.sys

2008-01-13 21:43 . 2008-01-13 21:43 <DIR> d-------- C:\Program Files\Electronic Arts

2008-01-13 10:52 . 2008-01-13 10:52 <DIR> d-------- C:\Documents and Settings\bergsprekken\workspace

2008-01-12 23:52 . 2008-01-12 23:52 360,064 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL

2008-01-12 21:29 . 2008-02-03 04:17 <DIR> d-------- C:\Program Files\mIRC

2008-01-12 21:29 . 2008-02-03 04:18 <DIR> d-------- C:\Documents and Settings\bergsprekken\Application Data\mIRC

2008-01-12 18:45 . 2008-01-12 18:45 <DIR> d-------- C:\WINDOWS\Performance

2008-01-12 18:44 . 2008-02-01 22:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation

2008-01-12 14:50 . 2008-01-12 14:50 <DIR> d-------- C:\WINDOWS\srchasst

2008-01-11 23:09 . 2008-01-11 23:09 <DIR> d-------- C:\Program Files\Activision

2008-01-11 23:06 . 2008-01-11 23:06 <DIR> d--hs---- C:\WINDOWS\ftpcache

2008-01-11 21:52 . 2008-01-11 21:52 <DIR> d-------- C:\Program Files\SEC

2008-01-10 20:31 . 2008-01-10 20:31 <DIR> d-------- C:\Program Files\Codemasters

2008-01-09 23:54 . 2008-01-09 23:54 268 --ah----- C:\sqmdata00.sqm

2008-01-09 23:54 . 2008-01-09 23:54 244 --ah----- C:\sqmnoopt00.sqm

2008-01-08 00:11 . 2007-06-15 11:06 145 --a------ C:\ColeccionMike.url

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-05 18:47 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware

2008-02-05 18:47 --------- d-----w C:\Documents and Settings\bergsprekken\Application Data\VMware

2008-02-05 18:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware

2008-02-03 03:40 --------- d-----w C:\Program Files\Lineage II

2008-02-01 21:42 --------- d-----w C:\Program Files\Common Files\logishrd

2008-02-01 21:38 --------- d-----w C:\Documents and Settings\bergsprekken\Application Data\IGN_DLM

2008-02-01 21:24 --------- d-----w C:\Program Files\vLite

2008-02-01 08:02 --------- d-----w C:\Program Files\Creative

2008-01-28 17:12 --------- d-----w C:\Program Files\Prime95

2008-01-28 15:10 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-25 23:44 --------- d-----w C:\Documents and Settings\bergsprekken\Application Data\uTorrent

2008-01-14 20:29 --------- d-----w C:\Program Files\Warcraft III

2008-01-13 20:48 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-01-13 20:48 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-01-12 22:52 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS

2008-01-12 17:10 --------- d-----w C:\Program Files\MSN Messenger

2008-01-11 21:54 --------- d-----w C:\Program Files\ASUS

2008-01-03 22:21 --------- d-----w C:\Documents and Settings\bergsprekken\Application Data\CyberLink

2008-01-03 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink

2008-01-03 21:50 --------- d-----w C:\Program Files\Kerio

2008-01-03 21:48 --------- d-----w C:\Program Files\CyberLink

2008-01-03 21:46 --------- d-----w C:\Program Files\PowerDVD Ultra Deluxe v7 3

2008-01-02 17:53 --------- d-----w C:\Program Files\Windows Media Connect 2

2007-12-14 09:09 --------- d-----w C:\Program Files\SpeedFan

2007-12-12 16:15 --------- d-----w C:\Program Files\ASUS WiFi-AP Solo

2007-12-12 14:02 --------- d-----w C:\Program Files\UrbanTerror

2007-12-05 21:35 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

2007-12-05 17:47 --------- d-----w C:\Documents and Settings\bergsprekken\Application Data\FileZilla

2007-12-05 17:45 --------- d-----w C:\Program Files\FileZilla Client

2007-11-25 18:24 71,168 ----a-w C:\Program Files\da

2007-11-21 18:47 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll

2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll

2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]

"Steam"="C:\Program Files\Valve\Steam\\Steam.exe" [2007-11-30 08:38 1266936]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 07:36 36864]

"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 09:23 1953792]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07 8491008]

"nwiz"="nwiz.exe" [2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 00:07 81920]

"CTHelper"="CTHELPER.EXE" [2006-08-17 10:32 17920 C:\WINDOWS\CTHELPER.EXE]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 10:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 56080 C:\WINDOWS\KHALMNPR.Exe]

"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2007-05-01 21:52 68400]

"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2007-05-01 21:52 56112]

"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-19 14:41 249896]

"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 00:00 45056]

"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 17:25 49152]

"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 17:25 49152]

"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 10:34 122880]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2007-07-27 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]

"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 21:01 54832]

"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe" [2007-01-31 12:59 1129232]

"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe" [2007-01-31 13:03 1862112]

"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-01-31 13:01 140832]

 

C:\Documents and Settings\bergsprekken\Start Menu\Programs\Startup\

MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-01-14 22:59:30 557568]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

ASUS WiFi-AP Solo.lnk - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe [2007-10-10 20:07:51 987136]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-14 13:11:00 692224]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

 

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 11:05]

R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-09-26 11:05]

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-09-19 21:37]

R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver;C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [2007-04-09 12:55]

R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-08-17 10:16]

R3 vmkbd2;VMware kbd2;C:\WINDOWS\system32\drivers\VMkbd.sys [2007-05-01 21:52]

S3 jgameenp;jgameenp;C:\DOCUME~1\BERGSP~1\LOCALS~1\Temp\jgameenp.sys [2007-04-18 10:50]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 08:30]

S3 ufad-ws60;VMware Agent Service;"C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2e15da9-776a-11dc-9e10-806d6172696f}]

\Shell\AutoRun\command - F:\.\Bin\Assetup.exe

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-05 19:47:43

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2008-02-05 19:53:10 - machine was rebooted

ComboFix-quarantined-files.txt 2008-02-05 18:53:04

.

2007-12-12 12:35:12 --- E O F ---

Link to comment

How is the problem going now?

 

Does disabling the firewall help at all?

 

Is sharing software such as uTorrent running in the background when this happens?

Don't run with that.

 

2008-01-12 22:52 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS

Here it looks like TCPIP.SYS has been updated.

Did the problems start around this time?

 

Winsockfix is something you can try.

http://www.softpedia.com/get/Tweak/Network...inSockFix.shtml

Edited by SNIPPSAT
Link to comment

I remember I modded or changed tcpip.sys a while ago because it was supposed to give better torrent performance, but the problems have been there long before that. It hasn't happened again yet; it is unpredictable when it happens, except that 5 out of 10 times it has happened when I open www.nettby.no, but I don't think that matters unless some Flash content is being started right then and it is buggy..

Link to comment

Open Notepad and copy in what is shown in bold below; save the file on the desktop as CFScript.txt.

Then drag the file onto the Combofix icon. Combofix will start again.


 

File::

C:\DOCUME~1\BERGSP~1\LOCALS~1\Temp\jgameenp.sys

 

Driver::

jgameenp

 

The file jgameenp.sys is a file with backdoor functionality (incl. a rootkit)

 

Download and run CCleaner

 

You'll see whether the problem is gone now.

 

Winsockfix and new software for the router "if you are going through a router"

if the problem comes back

Edited by SNIPPSAT
Link to comment
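
An added example, not part of any post in this thread and not code from HijackThis or ComboFix: a Python triage pass over the three kinds of entries the replies single out (a configured ProxyServer value, a BHO whose file is gone, and a driver whose image sits in a Temp directory). The sample lines are copied from the logs posted in this thread; the function name `triage` and the rule labels are assumptions made for illustration.

```python
import re

# Sample input: lines copied from the HijackThis and ComboFix logs in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webtv.tv2.no/webtv/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 207.44.238.95:80
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 11:05]
S3 jgameenp;jgameenp;C:\DOCUME~1\BERGSP~1\LOCALS~1\Temp\jgameenp.sys [2007-04-18 10:50]
"""

# HijackThis entries look like "<code> - <body>", e.g. "R1 - HKCU\...".
HJT_ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# ComboFix driver/service entries look like "<state><start> name;display;path [stamp]".
# Note that "R1" appears in both logs with different meanings; the " - " separator
# is what tells a HijackThis registry entry apart from a running start-type-1 driver.
DRIVER_ENTRY = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s*\[(?P<stamp>[^\]]*)\]$"
)
PROXY_VALUE = re.compile(r",ProxyServer = (?P<value>\S+)")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def triage(log_text):
    """Return (rule, detail) pairs for entries that deserve a manual look.

    Findings are prompts for review, not verdicts: a proxy may be one the
    user configured, and a driver in Temp may be an installer leftover.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        hjt = HJT_ENTRY.match(line)
        if hjt:
            code, body = hjt.group("code"), hjt.group("body")
            proxy = PROXY_VALUE.search(body)
            if code == "R1" and proxy:
                # All WinINet traffic (Internet Explorer) is sent via this host:port.
                findings.append(("proxy-configured", proxy.group("value")))
            elif code == "O2" and body.endswith("(no file)"):
                # Registered Browser Helper Object whose DLL no longer exists.
                clsid = CLSID.search(body)
                findings.append(("orphaned-bho", clsid.group(0) if clsid else body))
            continue

        drv = DRIVER_ENTRY.match(line)
        if drv:
            # Compare directory components only, so "Template" or a file
            # named temp.sys does not match.
            parts = drv.group("path").strip('"').lower().split("\\")
            if "temp" in parts[:-1] or "tmp" in parts[:-1]:
                findings.append(("driver-in-temp", drv.group("name")))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule}: {detail}")
```
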
