[Løst]Mister internettforbindelesen ofte.

[hennigolsen]

Hei!

 

Det har oppstått et meget irriterende problem på netterverket mitt. Det hele begynte for ca. en mnd siden, da jeg plutselig mistet muligheten til å bruke internett.

 

Typisk situasjon hvor det skjer:

 

Jeg starter Pcen, logger meg inn i et onlinespill, spiller i ca. 30 min, da trenger jeg en pause og ALT+TAB`er ut i Windows og starter mozilla.

Det som skjer da er at mozilla vinduet bare er hvitt, samme hvilken adresse jeg går til (google.no, vg.no etc).

Får ikke beskjed om at siden ikke kunne lastes eller noe, siden er bare hvit. Akkurat det samme skjer hvis jeg bruker Internett explorer.

Men jeg kan uten problemer ALT+TAB`e tilbake inn i onlinespillet, og spille videre.

 

Det merkelige er at hvis jeg så avslutter onlinespillet og så starter spillet opp igjen, så får jeg ikke kontakt med server.

 

Et annet eksempel for å illustrere:

 

Jeg starter Pcen, starter opp Utorrent og begynner å laste ned X, jeg går på butikken og er tilbake etter 1 time. Nedlastningen holder framdeles på helt problemfritt, men jeg kan ikke bruker mozilla/explorer eller noe annet program som er avhengig av å koble seg til internett!

 

Hvis jeg så avslutter torrent-programmet og starter det, fungerer det ikke lenger..

 

Den eneste måten jeg kan fikse problemet på er å restarte PC eller å ta en relog av Windows!

 

Det fungerer ikke å restarte router, kjøre cmd->ipconfig/release->ipconfig/renew, eller å reparere tilkoblingen. Jeg er NØDT til å starte PC på nytt, eller ta en relog av Windows.

 

 

En annen ting som er merkelig, er at jeg framdeles kan: cmd->ping google.no osv. Det fungerer fint, men jeg får ikke brukt internett!

 

Jeg tok en kopi av "cmd->ipconfig/all", når jeg hadde tilkoblingsproblemet, den ser slik ut:

 

 

Microsoft Windows XP [Versjon 5.1.2600]

© Copyright 1985-2001 Microsoft Corporation

 

C:\Documents and Settings\Anders>ping google.no

 

Pinger google.no [216.239.59.104] med 32 byte data:

 

Svar fra 216.239.59.104: byte=32 tid=54ms TTL=239

Svar fra 216.239.59.104: byte=32 tid=55ms TTL=239

Svar fra 216.239.59.104: byte=32 tid=54ms TTL=239

Svar fra 216.239.59.104: byte=32 tid=75ms TTL=239

 

Ping-statistikker for 216.239.59.104:

Pakker: sendt = 4, mottatt = 4, tapt = 0 (0% tap),

Gjennomsnittlig tid for tur-retur i millisekunder:

minimum = 54ms, maksimum = 75ms, gjennomsnittlig = 59ms

 

C:\Documents and Settings\Anders>ipconfig/all

 

Windows IP-konfigurasjon

 

Vertsnavn . . . . . . . . . . . : aho

Primær DNS-suffiks . . . . . . . :

Nodetype . . . . . . . . . . . . : Ukjent

IP-ruting aktivert . . . . . . . : Nei

WINS Proxy aktivert. . . . . . . : Nei

 

Ethernet-kort Lokal tilkobling 2:

 

Tilkoblingsspesifikt DNS-suffiks :

Beskrivelse . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI For Comp

lete PC Management NIC (3C905C-TX)

Fysisk adresse . . . . . . . . . : 00-0A-5E-20-CA-29

DHCP aktivert. . . . . . . . . . : Ja

Automatisk konfigurasjon aktivert: Ja

IP-adresse . . . . . . . . . . . : 192.168.1.106

Nettverksmaske . . . . . . . . . : 255.255.255.0

Standard gateway . . . . . . . . : 192.168.1.1

DHCP-server. . . . . . . . . . . : 192.168.1.1

DNS-servere. . . . . . . . . . . : 195.159.0.100

Leasingavtale mottatt. . . . . . : 30. mars 2008 19:34:47

Leasingavtale utgår. . . . . . . : 31. mars 2008 19:34:47

 

 

PC spec:

 

WIN XP med nyeste SP og oppgraderinger.

Linksys WRT54G v3.1, med nyeste upgrade.

Nextgentel 6mb linje.

Kjører

 

Er det noen som har hatt tilsvarene problemer, eller har synspunkter som kanskje kan hjelpe meg?

 

Jeg har vært i kontakt med både Linksys og Nextgentel, de mener problemet ligger på PC`en min. Jeg vet ikke..har prøvd alt nå! Til og med å sette inn et nytt nettverkskort!

 

 

 

Uansett, har brukt HijackThis, og dette fikk jeg som resultat:

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 02:36:07, on 31.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\RECYCLER\svchost.exe

C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe

C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

D:\Games\Conan Hyborian Adventures\AgeOfConan.exe

C:\Documents and Settings\Anders Hennig-Olsen\Skrivebord\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Programfiler\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)

O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Programfiler\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programfiler\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [Microsoft Help] C:\RECYCLER\svchost.exe

O4 - HKLM\..\Run: [egui] "C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programfiler\Octoshape Streaming Services\Anders Hennig-Olsen\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [MsgCenterExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\RealOneMessageCenter.exe" -osboot

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A997F2F8-A3CF-419E-9847-4AD041DA8B48}: NameServer = 195.159.0.100

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: inquisitionist - {12a8c4e6-06c8-4ab3-9274-a0cde148e3da} - C:\WINDOWS\system32\clbrcek.dll (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 7473 bytes

 

 

 

 

 

Jeg kan ikke "lese" noe særlig ut ifra dette, men er det noen som kan det?

 

Setter stor pris på hjelp!

 

mvh,

anders

Endret 1. april 2008 av hennigolsen

[r2d290]

Hallo...

 

Tok en rask titt på hijackthis-loggen. Den forteller meg at alt ikke er helt som det skal... Synes du kan gå gjennom guiden til norbat, og komme tilbake når det er gjort.

 

Kjør LANGVERSONEN av https://www.diskusjon.no/index.php?showtopic=691246

Endret 31. mars 2008 av r2d290

[hennigolsen]

Hei og takk for svar!

 

Har nå kjørt CCleaner, SuperAntiSpyware, Combofix og HijackThis.

 

Loggene er som følger:

 

 

SuperAntiSpyware:

Klikk for å se/fjerne innholdet nedenfor

<SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 03/31/2008 at 08:14 PM

 

Application Version : 4.0.1154

 

Core Rules Database Version : 3427

Trace Rules Database Version: 1419

 

Scan type : Complete Scan

Total Scan Time : 00:18:04

 

Memory items scanned : 405

Memory threats detected : 0

Registry items scanned : 5854

Registry threats detected : 5

File items scanned : 13475

File threats detected : 2

 

Trojan.Smitfraud Variant

HKLM\Software\Classes\CLSID\{12a8c4e6-06c8-4ab3-9274-a0cde148e3da}

HKCR\CLSID\{12A8C4E6-06C8-4AB3-9274-A0CDE148E3DA}

HKCR\CLSID\{12A8C4E6-06C8-4AB3-9274-A0CDE148E3DA}\InProcServer32

HKCR\CLSID\{12A8C4E6-06C8-4AB3-9274-A0CDE148E3DA}\InProcServer32#ThreadingModel

C:\WINDOWS\SYSTEM32\CLBRCEK.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{12a8c4e6-06c8-4ab3-9274-a0cde148e3da}

 

Worm.Agobot Variant

C:\WINDOWS\SYSTEM32::LSAS.EXE

>

 

ComboFix:

Klikk for å se/fjerne innholdet nedenfor

<ComboFix 08-03-30.4 - Anders 2008-03-31 20:24:25.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1562 [GMT 2:00]

Running from: C:\Documents and Settings\Anders\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\RECYCLER\svchost.exe

C:\WINDOWS\bhookpl.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))

.

 

2008-03-31 20:20 . 2008-03-31 20:20 <DIR> dr-h----- C:\Documents and Settings\Anders\Siste

2008-03-31 19:53 . 2008-03-31 19:53 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-03-31 19:53 . 2008-03-31 19:53 <DIR> d-------- C:\Documents and Settings\Anders\Programdata\SUPERAntiSpyware.com

2008-03-31 19:53 . 2008-03-31 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-03-31 19:48 . 2008-03-31 19:48 <DIR> d-------- C:\Programfiler\CCleaner

2008-03-30 23:32 . 2008-03-31 03:17 4,194,383 --a------ C:\brannmur.log.old

2008-03-30 19:39 . 2008-03-30 19:39 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2008-03-30 18:28 . 2008-03-30 18:28 <DIR> d-------- C:\WINDOWS\nview

2008-03-30 18:28 . 2008-03-24 19:52 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-03-30 18:28 . 2008-03-31 20:20 175,033 --a------ C:\WINDOWS\system32\nvapps.xml

2008-03-30 18:28 . 2008-03-24 19:52 17,937 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-03-30 18:27 . 2008-03-24 11:27 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-03-30 13:22 . 2001-08-17 20:11 66,591 --a------ C:\WINDOWS\system32\drivers\el90xbc5.sys

2008-03-30 13:22 . 2001-08-17 20:11 66,591 --a--c--- C:\WINDOWS\system32\dllcache\el90xbc5.sys

2008-03-28 20:02 . 2008-03-28 20:02 <DIR> d-------- C:\socketfix

2008-03-28 20:02 . 2008-03-28 20:02 <DIR> d-------- C:\ERDNT

2008-03-16 02:26 . 2008-03-30 18:28 <DIR> d-------- C:\WINDOWS\nvidia icons

2008-03-14 15:46 . 2008-03-14 15:46 <DIR> d-------- C:\Programfiler\SystemRequirementsLab

2008-03-14 15:45 . 2008-03-14 15:46 <DIR> d-------- C:\Documents and Settings\Anders\SystemRequirementsLab

2008-03-06 17:00 . 2008-03-31 20:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-06 17:00 . 2008-03-06 17:00 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-06 16:59 . 2008-03-06 17:00 <DIR> d-------- C:\Programfiler\iTunes

2008-03-06 16:59 . 2008-03-06 16:59 <DIR> d-------- C:\Programfiler\iPod

2008-03-06 16:58 . 2008-03-06 16:59 <DIR> d-------- C:\Programfiler\QuickTime

2008-03-06 16:03 . 2008-03-06 16:03 <DIR> d-------- C:\Programfiler\ZiPhone

2008-03-05 21:23 . 2008-03-05 21:23 <DIR> d-------- C:\Programfiler\MSN Messenger

2008-03-05 18:50 . 2008-03-05 18:50 <DIR> d-------- C:\Programfiler\Microsoft Silverlight

2008-03-05 18:29 . 2008-03-05 18:28 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-03-05 18:28 . 2008-03-05 18:29 <DIR> d-------- C:\Documents and Settings\Anders\.housecall6.6

2008-03-05 18:13 . 2008-03-05 18:13 <DIR> d-------- C:\Programfiler\Trend Micro

2008-03-05 18:03 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-03-05 18:02 . 2008-03-05 18:02 <DIR> d-------- C:\Programfiler\Fellesfiler\Java

2008-03-01 20:21 . 2007-10-12 16:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll

2008-03-01 20:21 . 2007-07-19 19:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll

2008-03-01 20:21 . 2007-10-12 16:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll

2008-03-01 20:21 . 2007-07-19 19:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll

2008-03-01 20:21 . 2007-10-02 10:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll

2008-03-01 20:21 . 2007-07-19 19:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll

2008-03-01 20:21 . 2007-10-22 04:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll

2008-03-01 20:21 . 2007-07-20 01:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll

2008-03-01 20:20 . 2008-03-01 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\media center programs

2008-02-25 17:18 . 2008-02-25 17:18 <DIR> d-------- C:\Programfiler\Gabest

2008-02-24 22:02 . 2008-03-05 21:16 <DIR> d-------- C:\Programfiler\Windows Live

2008-02-24 22:02 . 2008-02-24 22:02 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2008-02-24 22:02 . 2008-02-24 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller

2008-02-23 18:54 . 2008-02-23 18:54 <DIR> d-------- C:\Programfiler\Ventrilo

2008-02-23 18:54 . 2008-03-31 19:53 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-02-03 22:31 . 2008-02-03 22:31 244 --ah----- C:\sqmnoopt06.sqm

2008-02-03 22:31 . 2008-02-03 22:31 232 --ah----- C:\sqmdata06.sqm

2008-02-03 03:54 . 2008-02-03 03:54 <DIR> d-------- C:\Programfiler\MSXML 4.0

2008-02-02 03:55 . 2008-02-02 03:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Age of Empires 3

2008-02-02 03:40 . 2008-02-02 03:40 <DIR> d-------- C:\Programfiler\Microsoft Games

2008-02-01 00:13 . 2008-02-01 00:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-02-01 00:13 . 2008-02-01 00:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-31 09:22 --------- d-----w C:\Documents and Settings\Anders\Programdata\uTorrent

2008-03-28 17:40 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-03-16 13:47 --------- d-----w C:\Documents and Settings\Anders\Programdata\mIRC

2008-03-16 12:53 --------- d-----w C:\Programfiler\mIRC

2008-03-11 22:26 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-03-11 22:26 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-03-11 19:20 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-03-09 18:48 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP

2008-03-06 14:58 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-03-05 16:06 --------- d-----w C:\Programfiler\Java

2008-03-05 00:39 --------- d-----w C:\Programfiler\Bonjour

2008-03-01 18:41 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-02-04 02:57 --------- d-----w C:\Programfiler\DivX

2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2007-12-07 02:17 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2007-12-03 20:53 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2007-12-03 20:49 22,328 ----a-w C:\Documents and Settings\Anders\Programdata\PnkBstrK.sys

2007-11-04 04:25 61,952 ----a-w C:\Documents and Settings\Anders\special.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}"= "C:\Programfiler\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll" [ ]

 

[HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]

[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]

[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]

"Octoshape Streaming Services"="C:\Programfiler\Octoshape Streaming Services\Anders\OctoshapeClient.exe" [ ]

"MsgCenterExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\RealOneMessageCenter.exe" [ ]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]

"SpyHunter"="" []

"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 19:30 16855552 C:\WINDOWS\RTHDCPL.exe]

"UnlockerAssistant"="C:\Programfiler\Unlocker\UnlockerAssistant.exe" [ ]

"egui"="C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 09:21 1443072]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-24 19:52 13524992]

"nwiz"="nwiz.exe" [2008-03-24 19:52 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-24 19:52 86016]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"D:\\Games\\World of Warcraft\\Launcher.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"D:\\Games\\Counter Strike\\Half-Life\\hl.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=

"C:\\Programfiler\\mIRC\\mirc.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\WINDOWS\\system32\\dxdiag.exe"=

"C:\\WINDOWS\\system32\\dpnsvr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"28171:TCP"= 28171:TCP:Utorrent

"28171:UDP"= 28171:UDP:Utorrent2

 

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 09:21]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 04:17]

S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-01-15 03:39]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34E75AC6-618B-F551-C4AE-02D79E967ECC}]

C:\WINDOWS\system32:lsas.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-31 20:25:33

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

C:\WINDOWS\system32:lsas.exe 85504 bytes executable

 

scan completed successfully

hidden files: 1

 

**************************************************************************

.

Completion time: 2008-03-31 20:25:54

ComboFix-quarantined-files.txt 2008-03-31 18:25:52

Pre-Run: 41,473,822,720 byte ledig

Post-Run: 41,470,963,712 byte ledig

.

2008-03-11 19:20:55 --- E O F ---

>

 

HiJackThis:

Klikk for å se/fjerne innholdet nedenfor

<Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:30:14, on 31.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe

C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\WINDOWS\explorer.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Anders\Skrivebord\jack\jackit.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Programfiler\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)

O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Programfiler\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programfiler\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [egui] "C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programfiler\Octoshape Streaming Services\Anders\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [MsgCenterExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\RealOneMessageCenter.exe" -osboot

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A997F2F8-A3CF-419E-9847-4AD041DA8B48}: NameServer = 195.159.0.100

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 7309 bytes

>

 

 

Var dette fornuftig? Noen som kan se noe uregelmessigheter her?

 

Takker for alle som kommer med inspill: )

 

mvh

Anders

Endret 31. mars 2008 av hennigolsen

[r2d290]

Det hjalp litt

 

...og hvordan går det med problemene?

[norbat]

En trojan ble fjernet.

 

Du kan fortsette med følgende:

 

Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt.

Dra deretter fila over Combofix-iconet. Combofix vil starte igjen.

Registry:

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34E75AC6-618B-F551-C4AE-02D79E967ECC}]

 

Trenger ikke å se noen ny logg.

 

Er dette ei fil du kjenner til?: C:\Documents and Settings\Anders\special.exe

[hennigolsen]

Hei igjen!

 

Problemet ser faktisk ut til å ha løst seg. Er på 2. timen nå, uten tap av internett!! Fantastisk, takk for link r2d290.

 

Gjorde som du sa norbat, men jeg har ingen ide hva special.exe er..

[norbat]

Gå til nettstedet http://virusscan.jotti.org/. Øverst på den siden kan du laste opp fila for en sjekk. Gi tilbakemelding på om det ble funnet noe.

[r2d290]

takk for link r2d290.

 

 

bare hyggelig, selvom det er norbat du bør takke

[hennigolsen]

Så nå at det var Norbat som faktisk hadde laget guiden, en rettet takk for den!

 

http://virusscan.jotti.org/:

Klikk for å se/fjerne innholdet nedenfor

< File: special.exe

Status:

INFECTED/MALWARE

MD5: 791c597c12f692f106caae0c248182a8

Packers detected:

-

Bit9 reports:

Scanner results

Scan taken on 31 Mar 2008 20:39:31 (GMT)

A-Squared

Found Trojan.Win32.Inject.mc

AntiVir

Found nothing

ArcaVir

Found nothing

Avast

Found nothing

AVG Antivirus

Found Dropper.Delf.PK

BitDefender

Found nothing

ClamAV

Found Trojan.Dropper-3070

CPsecure

Found Troj.W32.Inject.mc

Dr.Web

Found Win32.HLLM.Mugem

F-Prot Antivirus

Found nothing

F-Secure Anti-Virus

Found Trojan.Win32.Inject.mc

Fortinet

Found nothing

Ikarus

Found Virus.Trojan.Win32.Inject.mc

Kaspersky Anti-Virus

Found Trojan.Win32.Inject.mc

NOD32

Found nothing

Norman Virus Control

Found nothing

Panda Antivirus

Found nothing

Rising Antivirus

Found Backdoor.Win32.Poison.k

Sophos Antivirus

Found nothing

VirusBuster

Found nothing

VBA32

Found Trojan.Win32.Inject.mc

>

 

 

Ser ut som virus ja..

Endret 31. mars 2008 av hennigolsen

[norbat]

Vil tro at du bare kan høyreklikke på fila og slette den direkte fra utforsker. Si ifra om det ikke går.

 

r2d290: ikke vær så beskjeden da

[hennigolsen]

Det fungerte det! Må bare si takk for alle svar, det hjalp meg til å fikse et problem på et par timer, som jeg har brukt over 2 uker på å finne ut av...!

[norbat]

Du kan avinstallere combofix ved å skrive combofix /u fra kjør-feltet (start->kjør)

 

På vegne av r2d290 og meg selv sier jeg hversågod, bare hyggelig å være til hjelp.

 

Surf trygt

[r2d290]

Ja, versågod

 

endre innlegget ditt med full redigering, og endre emnetittelen din til:

[løst] Mister internettforbindelesen ofte.

Endret 1. april 2008 av r2d290