EggMan88, posted 30 December 2008
I have a slightly odd problem with my laptop. Some programs (such as MSN and Total Commander) never appear on screen. They start, show up in Task Manager and keep running in the background, but never become visible. If I try to start them several times they just pile up, and X instances end up running in the background. I have tried uninstalling and reinstalling them, but the problem is the same. If I start the PC in Safe Mode it works, but not in normal mode. Any idea what could be causing this?

CortexN, posted 31 December 2008
Do you get the MSN icon at the bottom right corner, by the clock?

EggMan88 (author), posted 1 January 2009
> Do you get the MSN icon at the bottom right corner, by the clock?
Nope.

Tosha0007, posted 1 January 2009
Sounds very strange. My first thought was malware, but I'm far from sure. It may well be that I just see infected PCs everywhere. If you think it is malware, follow the guide at the top of my signature.

Bruker-158599, posted 1 January 2009
> Sounds very strange. My first thought was malware, but I'm far from sure. It may well be that I just see infected PCs everywhere. If you think it is malware, follow the guide at the top of my signature.
I had the same thought. It's a good idea to run a scan with mbam.

EggMan88 (author), posted 2 January 2009 (edited)
I followed the one in your sig, and here are the logs. Does anyone see anything that shouldn't be there, or have any other tips?

HijackThis log

ComboFix log

MBAM log

Malwarebytes' Anti-Malware 1.31
Database version: 1591
Windows 6.0.6001 Service Pack 1
02.01.2009 01:59:55
mbam-log-2009-01-02 (01-59-55).txt
Scan type: Quick Scan
Objects scanned: 44868
Time elapsed: 2 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

Edited 2 January 2009 by EggMan88

EggMan88 (author), posted 2 January 2009
It seems there are other problems here too. I try to shut down the machine via Start -> Shut Down, and it shows the usual "Windows is shutting down" and all that, but it sits there for 10 minutes before the machine simply restarts and I end up at the screen where you choose the startup method, Safe Mode and all that. Once Windows has started, a message appears saying "Windows has recovered from an unexpected shutdown", and I get the choice between reporting it or Ignore. The same thing happens if I choose Restart instead of Shut Down.

EggMan88 (author), posted 19 April 2009 (edited)
Choosing to bump this one up again. After various testing last time, I chose to format the PC and reinstall everything. It worked fine for 3-4 months, but 2 days ago I got the same problem. Exactly the same thing that happened last time is happening now as well. Any tips?
Edited 19 April 2009 by EggMan88