
Can't get into Windows XP, virus?


CSO


I found a log that I think was the latest Avenger one. The time matches, at least (: I don't know how well it went, though, since it didn't really manage to start up, but here it is anyway...

[log]Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\pmnkKaWn" not found!

Deletion of driver "pmnkKaWn" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "C:\Documents and Settings\Administrator\gpqxfvie.exe" not found!

Deletion of file "C:\Documents and Settings\Administrator\gpqxfvie.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

File "C:\WINDOWS\system32\mlJATjkL.dll" deleted successfully.

File "C:\WINDOWS\system32\msfxyfgg.dll" deleted successfully.

File "C:\WINDOWS\system32\fpcubxxk.dll" deleted successfully.

File "C:\WINDOWS\system32\xoghpywg.dll" deleted successfully.

 

Error: file "C:\WINDOWS\system32\doxefura.exe" not found!

Deletion of file "C:\WINDOWS\system32\doxefura.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "C:\WINDOWS\system32\byXrroOE.dll" not found!

Deletion of file "C:\WINDOWS\system32\byXrroOE.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "C:\WINDOWS\system32\msfxyfgg.dll" not found!

Deletion of file "C:\WINDOWS\system32\msfxyfgg.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

File "C:\Documents and Settings\caroline\gpqxfvie.exe" deleted successfully.

File "C:\WINDOWS\system32\alnacfhu.dll" deleted successfully.

File "C:\WINDOWS\system32\fltlagrp.dll" deleted successfully.

File "C:\WINDOWS\system32\vdnpcinq.dll" deleted successfully.

File "C:\WINDOWS\system32\ljcljyqv.dll" deleted successfully.

File "C:\WINDOWS\system32\kgjauyty.dll" deleted successfully.

File "C:\WINDOWS\system32\ppstrsbu.dll" deleted successfully.

File "C:\Documents and Settings\caroline\dpaidvЛ†›" deleted successfully.

File "C:\Documents and Settings\Administrator\gprobeЛ†›" deleted successfully.

File "C:\Documents and Settings\caroline\wigdodЛ†›" deleted successfully.

File "C:\Documents and Settings\Administrator\wigdodЛ†›" deleted successfully.

File "C:\Documents and Settings\caroline\nzbzslЛ†›" deleted successfully.

File "C:\Documents and Settings\Administrator\ncmmvpЛ†›" deleted successfully.

File "C:\WINDOWS\system32\frdvrdnw.dll" deleted successfully.

File "C:\WINDOWS\system32\rdljsdma.dll" deleted successfully.

File "C:\WINDOWS\system32\xwodxhmt.dll" deleted successfully.

File "C:\WINDOWS\system32\uxFfPqss.ini2" deleted successfully.

File "C:\WINDOWS\system32\ssqPfFxu.dll" deleted successfully.

File "C:\WINDOWS\system32\jppxkkbu.dll" deleted successfully.

File "C:\WINDOWS\system32\islogbmq.dll" deleted successfully.

File "C:\WINDOWS\system32\UFLmSvut.ini2" deleted successfully.

File "C:\WINDOWS\system32\tuvSmLFU.dll" deleted successfully.

File "C:\WINDOWS\system32\daamfxll.dll" deleted successfully.

File "C:\WINDOWS\system32\dvpehafs.dll" deleted successfully.

File "C:\WINDOWS\system32\xeuirnfy.dll" deleted successfully.

File "C:\WINDOWS\system32\cbKUwvut.ini2" deleted successfully.

File "C:\WINDOWS\system32\tuvwUKbc.dll" deleted successfully.

File "C:\WINDOWS\system32\fwwttgmb.dll" deleted successfully.

File "C:\WINDOWS\system32\YbeOYcfe.ini2" deleted successfully.

File "C:\WINDOWS\system32\efcYOebY.dll" deleted successfully.

File "C:\WINDOWS\system32\knabiivv.dll" deleted successfully.

File "C:\WINDOWS\system32\ckmdwhjp.dll" deleted successfully.

File "C:\WINDOWS\system32\vvrfhxnp.dll" deleted successfully.

File "C:\WINDOWS\system32\nWaKknmp.ini2" deleted successfully.

File "C:\WINDOWS\system32\pmnkKaWn.dll" deleted successfully.

File "C:\WINDOWS\system32\achbcrqh.dll" deleted successfully.

File "C:\WINDOWS\system32\jidaxoeo.dll" deleted successfully.

File "C:\WINDOWS\system32\bedyfcuu.dll" deleted successfully.

File "C:\WINDOWS\system32\LkjTAJlm.ini2" deleted successfully.

 

Error: file "C:\WINDOWS\system32\mlJATjkL.dll" not found!

Deletion of file "C:\WINDOWS\system32\mlJATjkL.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: folder "C:\PROGRA~1\TRYGGD~1" not found!

Deletion of folder "C:\PROGRA~1\TRYGGD~1" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: folder "C:\Program Files\Common Files\BortMedVirus" not found!

Deletion of folder "C:\Program Files\Common Files\BortMedVirus" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: folder "C:\Program Files\XP Antivirus" not found!

Deletion of folder "C:\Program Files\XP Antivirus" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "C:\WINDOWS\system32\pmnkKaWn.dll" not found!

Replacement with dummy of file "C:\WINDOWS\system32\pmnkKaWn.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

[/log]

 

I also just wanted to say that I think I have some spyware on the computer too, so maybe that's why new viruses keep showing up... What is the easiest way to get rid of them?

Link to comment

It's really spyware that we are cleaning out now, I'd say.

We'll have to see what the main log looks like too.

Link to comment

 

Here is the log from the .dmp file

 

[log]Opened log file 'c:\debuglog.txt'

 

Microsoft ® Windows Debugger Version 6.9.0003.113 X86

Copyright © Microsoft Corporation. All rights reserved.

 

 

Loading Dump File [C:\Documents and Settings\pappa\Skrivbord\MEMORY.DMP]

Kernel Complete Dump File: Full address space is available

 

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers

Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 2600.xpsp_sp2_rtm.040803-2158

Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055ab20

Debug session time: Mon May 5 12:22:11.406 2008 (GMT+2)

System Uptime: 0 days 0:00:28.000

Loading Kernel Symbols

..............................................................................................................................................

Loading User Symbols

......................................................................

Loading unloaded module list

.....

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

 

Use !analyze -v to get detailed debugging information.

 

BugCheck D1, {7765c544, 2, 0, 7765c544}

 

*************************************************************************

*** ***

*** ***

*** Your debugger is not using the correct symbols ***

*** ***

*** In order for this command to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: kernel32!pNlsUserInfo ***

*** ***

*************************************************************************

Probably caused by : ntoskrnl.exe ( nt!KiTrap0E+233 )

 

Followup: MachineOwner

---------

 

kd> !analyze -v;r;kv;lmtn;.logclose;q

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

 

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

An attempt was made to access a pageable (or completely invalid) address at an

interrupt request level (IRQL) that is too high. This is usually

caused by drivers using improper addresses.

If kernel debugger is available get stack backtrace.

Arguments:

Arg1: 7765c544, memory referenced

Arg2: 00000002, IRQL

Arg3: 00000000, value 0 = read operation, 1 = write operation

Arg4: 7765c544, address which referenced memory

 

Debugging Details:

------------------

 

 

READ_ADDRESS: 7765c544

 

CURRENT_IRQL: 2

 

FAULTING_IP:

wzcsvc!FSMAuthenticated+0

7765c544 ?? ???

 

PROCESS_NAME: svchost.exe

 

DEFAULT_BUCKET_ID: DRIVER_FAULT

 

BUGCHECK_STR: 0xD1

 

LAST_CONTROL_TRANSFER: from 7765c544 to 804e2158

 

FAILED_INSTRUCTION_ADDRESS:

wzcsvc!FSMAuthenticated+0

7765c544 ?? ???

 

STACK_TEXT:

ae69dd64 7765c544 badb0d00 0000006d ae69dd98 nt!KiTrap0E+0x233

0148fe4c 7765d355 000c2f78 00000000 00010006 wzcsvc!FSMAuthenticated

0148fe70 7765dbf0 000c2f78 00000000 000c2f78 wzcsvc!FSMConnecting+0x103

0148fe8c 7c927911 000c2fa0 00000001 000d3af0 wzcsvc!ElTimeoutCallbackRoutine+0x1fe

0148fed8 7c927df7 7765d9f2 000c2f78 00000001 ntdll!RtlpWaitOrTimerCallout+0x73

0148fef8 7c927545 000d3af0 7c97c3a0 000cec18 ntdll!RtlpAsyncTimerCallbackCompletion+0x1c

0148ff40 7c927583 7c927ddb 000d3af0 00000000 ntdll!RtlpWorkerCallout+0x70

0148ff60 7c927645 00000000 000d3af0 000cec18 ntdll!RtlpExecuteWorkerRequest+0x1a

0148ff74 7c92761c 7c927569 00000000 000d3af0 ntdll!RtlpApcCallout+0x11

0148ffb4 7c80b50b 00000000 00000000 00000000 ntdll!RtlpWorkerThread+0x87

0148ffec 00000000 7c910760 00000000 00000000 kernel32!BaseThreadStart+0x37

 

 

STACK_COMMAND: kb

 

FOLLOWUP_IP:

nt!KiTrap0E+233

804e2158 f7457000000200 test dword ptr [ebp+70h],20000h

 

SYMBOL_STACK_INDEX: 0

 

SYMBOL_NAME: nt!KiTrap0E+233

 

FOLLOWUP_NAME: MachineOwner

 

MODULE_NAME: nt

 

IMAGE_NAME: ntoskrnl.exe

 

DEBUG_FLR_IMAGE_TIMESTAMP: 41108004

 

FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_nt!KiTrap0E+233

 

BUCKET_ID: 0xD1_CODE_AV_BAD_IP_nt!KiTrap0E+233

 

Followup: MachineOwner

---------

 

eax=ffdff13c ebx=00000002 ecx=00000000 edx=40000000 esi=7765c544 edi=7765c544

eip=804e2158 esp=ae69dd4c ebp=ae69dd64 iopl=0 nv up ei ng nz na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286

nt!KiTrap0E+0x233:

804e2158 f7457000000200 test dword ptr [ebp+70h],20000h ss:0010:ae69ddd4=00010246

ChildEBP RetAddr Args to Child

ae69dd64 7765c544 badb0d00 0000006d ae69dd98 nt!KiTrap0E+0x233 (FPO: [0,0] TrapFrame @ ae69dd64)

0148fe4c 7765d355 000c2f78 00000000 00010006 wzcsvc!FSMAuthenticated (FPO: [Non-Fpo])

0148fe70 7765dbf0 000c2f78 00000000 000c2f78 wzcsvc!FSMConnecting+0x103 (FPO: [Non-Fpo])

0148fe8c 7c927911 000c2fa0 00000001 000d3af0 wzcsvc!ElTimeoutCallbackRoutine+0x1fe (FPO: [Non-Fpo])

0148fed8 7c927df7 7765d9f2 000c2f78 00000001 ntdll!RtlpWaitOrTimerCallout+0x73 (FPO: [Non-Fpo])

0148fef8 7c927545 000d3af0 7c97c3a0 000cec18 ntdll!RtlpAsyncTimerCallbackCompletion+0x1c (FPO: [Non-Fpo])

0148ff40 7c927583 7c927ddb 000d3af0 00000000 ntdll!RtlpWorkerCallout+0x70 (FPO: [Non-Fpo])

0148ff60 7c927645 00000000 000d3af0 000cec18 ntdll!RtlpExecuteWorkerRequest+0x1a (FPO: [Non-Fpo])

0148ff74 7c92761c 7c927569 00000000 000d3af0 ntdll!RtlpApcCallout+0x11 (FPO: [Non-Fpo])

0148ffb4 7c80b50b 00000000 00000000 00000000 ntdll!RtlpWorkerThread+0x87 (FPO: [Non-Fpo])

0148ffec 00000000 7c910760 00000000 00000000 kernel32!BaseThreadStart+0x37 (FPO: [Non-Fpo])

start end module name

01000000 01006000 svchost svchost.exe Wed Aug 04 08:14:46 2004 (41107ED6)

0ffd0000 0fff8000 rsaenh rsaenh.dll Wed Jul 07 04:17:12 2004 (40EB5D28)

20000000 202c5000 xpsp2res xpsp2res.dll Wed Aug 04 09:56:41 2004 (411096B9)

4cb90000 4cba0000 xmlprovi xmlprovi.dll Wed Aug 04 09:56:37 2004 (411096B5)

5ad70000 5ada8000 UxTheme UxTheme.dll Wed Aug 04 09:56:43 2004 (411096BB)

5b860000 5b8b4000 NETAPI32 NETAPI32.dll Wed Aug 04 09:56:28 2004 (411096AC)

5cb70000 5cb96000 ShimEng ShimEng.dll Wed Aug 04 09:56:42 2004 (411096BA)

5d090000 5d127000 comctl32_5d090000 comctl32.dll Wed Aug 04 09:56:31 2004 (411096AF)

606b0000 607bd000 ESENT ESENT.dll Wed Aug 04 09:56:48 2004 (411096C0)

6f880000 6fa4a000 AcGenral AcGenral.DLL Wed Aug 04 09:55:58 2004 (4110968E)

708b0000 708bd000 audiosrv audiosrv.dll Wed Aug 04 09:57:03 2004 (411096CF)

71aa0000 71aa8000 WS2HELP WS2HELP.dll Wed Aug 04 09:57:39 2004 (411096F3)

71ab0000 71ac7000 WS2_32 WS2_32.dll Wed Aug 04 09:57:38 2004 (411096F2)

71bf0000 71c03000 SAMLIB SAMLIB.dll Wed Aug 04 09:56:29 2004 (411096AD)

723d0000 723ec000 WinSCard WinSCard.dll Wed Aug 04 09:56:36 2004 (411096B4)

73030000 73040000 WZCSAPI WZCSAPI.DLL Wed Aug 04 09:57:57 2004 (41109705)

74f50000 74f55000 MSIDLE MSIDLE.DLL Wed Aug 04 09:58:28 2004 (41109724)

754d0000 75550000 CRYPTUI CRYPTUI.dll Wed Aug 04 09:56:06 2004 (41109696)

75cf0000 75d81000 mlang mlang.dll Wed Aug 04 09:56:29 2004 (411096AD)

76080000 760e5000 MSVCP60 MSVCP60.dll Wed Aug 04 09:59:13 2004 (41109751)

76360000 76370000 WINSTA WINSTA.dll Wed Aug 04 09:56:40 2004 (411096B8)

767a0000 767b3000 NTDSAPI NTDSAPI.dll Wed Aug 04 09:56:57 2004 (411096C9)

767f0000 76817000 SCHANNEL SCHANNEL.dll Wed Aug 04 09:56:39 2004 (411096B7)

769c0000 76a73000 USERENV USERENV.dll Wed Aug 04 09:56:41 2004 (411096B9)

76b20000 76b31000 ATL ATL.DLL Wed Aug 04 09:56:55 2004 (411096C7)

76b40000 76b6d000 WINMM WINMM.dll Wed Aug 04 09:57:10 2004 (411096D6)

76b70000 76b8f000 rastls rastls.dll Wed Aug 04 09:56:34 2004 (411096B2)

76bd0000 76be4000 raschap raschap.dll Wed Aug 04 09:56:27 2004 (411096AB)

76c30000 76c5e000 WINTRUST WINTRUST.dll Wed Aug 04 09:56:41 2004 (411096B9)

76c90000 76cb8000 IMAGEHLP IMAGEHLP.dll Wed Aug 04 09:56:25 2004 (411096A9)

76d30000 76d34000 WMI WMI.dll Wed Aug 04 09:56:51 2004 (411096C3)

76d40000 76d58000 MPRAPI MPRAPI.dll Wed Aug 04 09:56:47 2004 (411096BF)

76d60000 76d79000 iphlpapi iphlpapi.dll Wed Aug 04 09:56:10 2004 (4110969A)

76d80000 76d9e000 dhcpcsvc dhcpcsvc.dll Wed Aug 04 09:56:28 2004 (411096AC)

76e10000 76e35000 adsldpc adsldpc.dll Wed Aug 04 09:56:13 2004 (4110969D)

76e40000 76e63000 wkssvc wkssvc.dll Wed Aug 04 09:56:42 2004 (411096BA)

76e80000 76e8e000 rtutils rtutils.dll Wed Aug 04 09:56:36 2004 (411096B4)

76e90000 76ea2000 rasman rasman.dll Wed Aug 04 09:56:29 2004 (411096AD)

76eb0000 76edf000 TAPI32 TAPI32.dll Wed Aug 04 09:56:38 2004 (411096B6)

76ee0000 76f1c000 RASAPI32 RASAPI32.dll Wed Aug 04 09:56:25 2004 (411096A9)

76f20000 76f47000 DNSAPI DNSAPI.dll Wed Aug 04 09:56:45 2004 (411096BD)

76f50000 76f58000 WTSAPI32 WTSAPI32.dll Wed Aug 04 09:57:55 2004 (41109703)

76f60000 76f8c000 WLDAP32 WLDAP32.dll Wed Aug 04 09:56:43 2004 (411096BB)

76fd0000 7704f000 CLBCATQ CLBCATQ.DLL Wed Aug 04 09:56:18 2004 (411096A2)

77050000 77115000 COMRes COMRes.dll Wed Aug 04 09:56:36 2004 (411096B4)

77120000 771ac000 OLEAUT32 OLEAUT32.dll Wed Aug 04 09:57:39 2004 (411096F3)

771b0000 77256000 WININET WININET.dll Wed Aug 04 09:57:08 2004 (411096D4)

77300000 77332000 schedsvc schedsvc.dll Wed Aug 04 09:56:40 2004 (411096B8)

773d0000 774d3000 comctl32 comctl32.dll Fri Aug 25 17:45:55 2006 (44EF1B33)

774e0000 7761c000 ole32 ole32.dll Wed Aug 04 09:57:38 2004 (411096F2)

77620000 7768e000 wzcsvc wzcsvc.dll Wed Aug 04 09:57:58 2004 (41109706)

77690000 776b1000 NTMARTA NTMARTA.DLL Wed Aug 04 09:57:02 2004 (411096CE)

776e0000 77703000 shsvcs shsvcs.dll Wed Aug 04 09:56:47 2004 (411096BF)

77920000 77a13000 SETUPAPI SETUPAPI.dll Wed Aug 04 09:56:32 2004 (411096B0)

77a80000 77b14000 CRYPT32 CRYPT32.dll Wed Aug 04 09:56:01 2004 (41109691)

77b20000 77b32000 MSASN1 MSASN1.dll Wed Aug 04 09:57:23 2004 (411096E3)

77be0000 77bf5000 MSACM32 MSACM32.dll Wed Aug 04 09:57:03 2004 (411096CF)

77c00000 77c08000 VERSION VERSION.dll Wed Aug 04 09:56:39 2004 (411096B7)

77c10000 77c68000 msvcrt msvcrt.dll Wed Aug 04 09:59:14 2004 (41109752)

77c70000 77c93000 msv1_0 msv1_0.dll Wed Aug 04 09:59:11 2004 (4110974F)

77cc0000 77cf2000 ACTIVEDS ACTIVEDS.dll Wed Aug 04 09:56:03 2004 (41109693)

77d40000 77dd0000 USER32 USER32.dll Wed Aug 04 09:56:40 2004 (411096B8)

77dd0000 77e6b000 ADVAPI32 ADVAPI32.dll Wed Aug 04 09:56:23 2004 (411096A7)

77e70000 77f01000 RPCRT4 RPCRT4.dll Wed Aug 04 09:56:30 2004 (411096AE)

77f10000 77f56000 GDI32 GDI32.dll Wed Aug 04 09:56:07 2004 (41109697)

77f60000 77fd6000 SHLWAPI SHLWAPI.dll Wed Aug 04 09:56:44 2004 (411096BC)

77fe0000 77ff1000 Secur32 Secur32.dll Wed Aug 04 09:56:49 2004 (411096C1)

7c800000 7c8f4000 kernel32 kernel32.dll Wed Aug 04 09:56:36 2004 (411096B4)

7c900000 7c9b0000 ntdll ntdll.dll Wed Aug 04 09:56:36 2004 (411096B4)

7c9c0000 7d1d4000 SHELL32 SHELL32.dll Wed Aug 04 09:56:39 2004 (411096B7)

804d7000 806eb780 nt ntoskrnl.exe Wed Aug 04 08:19:48 2004 (41108004)

806ec000 8070c380 hal halaacpi.dll Wed Aug 04 07:59:05 2004 (41107B29)

aeb0e000 aeb23980 nwlnkipx nwlnkipx.sys Wed Aug 04 08:03:29 2004 (41107C31)

aeb50000 aeb53280 ndisuio ndisuio.sys Wed Aug 04 08:03:10 2004 (41107C1E)

aeb74000 aeb8a360 DLAUDF_M DLAUDF_M.SYS Tue Aug 08 18:15:47 2006 (44D8B8B3)

aeb8b000 aeba06e0 DLAUDFAM DLAUDFAM.SYS Tue Aug 08 18:16:06 2006 (44D8B8C6)

aeba1000 aebb8d40 DLAIFS_M DLAIFS_M.SYS Tue Aug 08 18:15:33 2006 (44D8B8A5)

af1ea000 af201c80 dump_si3112r dump_si3112r.sys Wed May 12 23:01:17 2004 (40A2909D)

af202000 af263900 btaudio btaudio.sys Tue Nov 30 04:36:20 2004 (41ABEAB4)

af264000 af280fa0 btwdndis btwdndis.sys Tue Nov 30 04:34:20 2004 (41ABEA3C)

af281000 af2bcf00 Dr71WU Dr71WU.sys Thu Nov 03 13:39:01 2005 (436A04E5)

af2bd000 af2ddf00 ipnat ipnat.sys Wed Aug 04 08:04:48 2004 (41107C80)

af2de000 af34c380 mrxsmb mrxsmb.sys Wed Aug 04 08:15:14 2004 (41107EF2)

af34d000 af378180 rdbss rdbss.sys Wed Aug 04 08:20:05 2004 (41108015)

af379000 af39ad00 afd afd.sys Wed Aug 04 08:14:13 2004 (41107EB5)

af39b000 af3d1980 tcpip6 tcpip6.sys Wed Aug 04 08:07:38 2004 (41107D2A)

af3d2000 af3f9c00 netbt netbt.sys Wed Aug 04 08:14:36 2004 (41107ECC)

af3fa000 af451a80 tcpip tcpip.sys Wed Aug 04 08:14:39 2004 (41107ECF)

af452000 af464400 ipsec ipsec.sys Wed Aug 04 08:14:27 2004 (41107EC3)

b1671000 b1674720 pclepci pclepci.sys Fri Sep 07 11:09:39 2001 (3B988ED3)

b1689000 b168b280 rasacd rasacd.sys Fri Aug 17 22:55:39 2001 (3B7D84CB)

b16ce000 b16ce9e0 DLADResM DLADResM.SYS Tue Aug 08 18:17:47 2006 (44D8B92B)

b1c2c000 b1c38f20 btwusb btwusb.sys Tue Nov 30 04:30:44 2004 (41ABE964)

b1c3c000 b1c4b900 Cdfs Cdfs.SYS Wed Aug 04 08:14:09 2004 (41107EB1)

b1ed7000 b1ed8080 RDPCDD RDPCDD.sys Fri Aug 17 22:46:56 2001 (3B7D82C0)

b1ed9000 b1eda080 mnmdd mnmdd.SYS Fri Aug 17 22:57:28 2001 (3B7D8538)

b20ab000 b20b1dc0 btport btport.sys Tue Nov 30 04:31:15 2004 (41ABE983)

b20bb000 b20bf680 ElbyCDIO ElbyCDIO.sys Tue Aug 07 21:48:32 2007 (46B8CC90)

b20cb000 b20d2180 Ip6Fw Ip6Fw.sys Wed Aug 04 08:00:04 2004 (41107B64)

b20d3000 b20d8880 ssmdrv ssmdrv.sys Wed Feb 28 16:43:23 2007 (45E5A31B)

b20db000 b20e2880 Npfs Npfs.SYS Wed Aug 04 08:00:38 2004 (41107B86)

b20e3000 b20e7a80 Msfs Msfs.SYS Wed Aug 04 08:00:37 2004 (41107B85)

b20eb000 b20f0200 vga vga.sys Wed Aug 04 08:07:06 2004 (41107D0A)

b20f3000 b20f8340 DLARTL_M DLARTL_M.SYS Wed Aug 02 05:05:25 2006 (44D01675)

b236f000 b2374000 flpydisk flpydisk.sys Wed Aug 04 07:59:24 2004 (41107B3C)

b2420000 b2421080 Beep Beep.SYS Fri Aug 17 22:47:33 2001 (3B7D82E5)

b2422000 b2423f00 Fs_Rec Fs_Rec.SYS Fri Aug 17 22:49:37 2001 (3B7D8361)

b2fce000 b2fceb80 Null Null.SYS Fri Aug 17 22:47:39 2001 (3B7D82EB)

b3a11000 b3a21480 nvarm nvarm.sys Wed May 26 00:58:00 2004 (40B3CF78)

b3a22000 b3b0d000 nvmcp nvmcp.sys Wed May 26 00:58:01 2004 (40B3CF79)

b3b0d000 b3b30980 portcls portcls.sys Wed Aug 04 08:15:47 2004 (41107F13)

b3b31000 b3b91b00 nvapu nvapu.sys Wed May 26 00:58:02 2004 (40B3CF7A)

b5e44000 b5e52b80 drmk drmk.sys Wed Aug 04 08:07:54 2004 (41107D3A)

b76da000 b76e8100 usbhub usbhub.sys Wed Aug 04 08:08:40 2004 (41107D68)

b7ad9000 b7aec480 MarvinBus MarvinBus.sys Mon Jun 21 16:03:21 2004 (40D6EAA9)

b7b05000 b7b38200 update update.sys Wed Aug 04 07:58:32 2004 (41107B08)

b7ba6000 b7bd6100 rdpdr rdpdr.sys Wed Aug 04 08:01:10 2004 (41107BA6)

b805c000 b8065480 NDProxy NDProxy.SYS Fri Aug 17 22:55:30 2001 (3B7D84C2)

b80bc000 b80cb700 nwlnknb nwlnknb.sys Fri Aug 17 22:54:16 2001 (3B7D8478)

b9030000 b9040e00 psched psched.sys Wed Aug 04 08:04:16 2004 (41107C60)

b9049000 b904f400 DLABOIOM DLABOIOM.SYS Tue Aug 08 18:16:19 2006 (44D8B8D3)

b9051000 b9057e40 DLABMFSM DLABMFSM.SYS Tue Aug 08 18:16:24 2006 (44D8B8D8)

b9061000 b9065b20 DLAOPIOM DLAOPIOM.SYS Tue Aug 08 18:17:00 2006 (44D8B8FC)

b9091000 b90a7680 ndiswan ndiswan.sys Wed Aug 04 08:14:30 2004 (41107EC6)

b90a8000 b91eaf20 btkrnl btkrnl.sys Tue Nov 30 04:33:13 2004 (41ABE9F9)

b91eb000 b91fe900 parport parport.sys Wed Aug 04 07:59:04 2004 (41107B28)

b9e81000 b9ee6000 an1tik8i an1tik8i.SYS Thu Mar 27 13:24:26 2008 (47EB91FA)

b9ee6000 b9ef9780 VIDEOPRT VIDEOPRT.SYS Wed Aug 04 08:07:04 2004 (41107D08)

b9efa000 ba258880 nv4_mini nv4_mini.sys Fri Nov 11 23:24:25 2005 (43751A19)

ba259000 ba27b680 ks ks.sys Wed Aug 04 08:15:20 2004 (41107EF8)

ba27c000 ba292e00 NVENET NVENET.sys Thu Jan 29 09:45:48 2004 (4018C83C)

ba293000 ba2b5e80 USBPORT USBPORT.SYS Wed Aug 04 08:08:34 2004 (41107D62)

ba2d6000 ba2de900 msgpc msgpc.sys Wed Aug 04 08:04:11 2004 (41107C5B)

ba2e6000 ba2f1d00 raspptp raspptp.sys Wed Aug 04 08:14:26 2004 (41107EC2)

ba2f6000 ba300200 raspppoe raspppoe.sys Wed Aug 04 08:05:06 2004 (41107C92)

ba306000 ba312880 rasl2tp rasl2tp.sys Wed Aug 04 08:14:21 2004 (41107EBD)

ba316000 ba322e00 i8042prt i8042prt.sys Wed Aug 04 08:14:36 2004 (41107ECC)

ba326000 ba335d80 serial serial.sys Wed Aug 04 08:15:51 2004 (41107F17)

ba519000 ba51b900 Dxapi Dxapi.sys Fri Aug 17 22:53:19 2001 (3B7D843F)

ba5d8000 ba5d8c00 audstub audstub.sys Fri Aug 17 22:59:40 2001 (3B7D85BC)

badc9000 badcc1c0 cdrbsdrv cdrbsdrv.SYS Mon Mar 08 04:55:49 2004 (404BEEC5)

badcd000 badd0080 tunmp tunmp.sys Wed Aug 04 08:03:15 2004 (41107C23)

badd5000 badd8c80 mssmbios mssmbios.sys Wed Aug 04 08:07:47 2004 (41107D33)

badf1000 badf4780 dump_diskdump dump_diskdump.sys Wed Aug 04 07:59:51 2004 (41107B57)

bae2d000 bae47580 Mup Mup.sys Wed Aug 04 08:15:20 2004 (41107EF8)

bae48000 bae74a80 NDIS NDIS.sys Wed Aug 04 08:14:27 2004 (41107EC3)

bae75000 baf01480 Ntfs Ntfs.sys Wed Aug 04 08:15:06 2004 (41107EEA)

baf02000 baf18780 KSecDD KSecDD.sys Wed Aug 04 07:59:45 2004 (41107B51)

baf59000 baf67d80 arp1394 arp1394.sys Wed Aug 04 07:58:28 2004 (41107B04)

baf79000 baf81700 wanarp wanarp.sys Wed Aug 04 08:04:57 2004 (41107C89)

bafb9000 bafcf000 drvmcdb drvmcdb.sys Fri Aug 04 17:36:35 2006 (44D36983)

bafcf000 bafe0f00 sr sr.sys Wed Aug 04 08:06:22 2004 (41107CDE)

bafe1000 bafff780 fltMgr fltMgr.sys Wed Aug 04 08:01:17 2004 (41107BAD)

bf800000 bf9c0380 win32k win32k.sys Wed Aug 04 08:17:30 2004 (41107F7A)

bf9c1000 bf9d2580 dxg dxg.sys Wed Aug 04 08:00:51 2004 (41107B93)

bf9d3000 bfd91400 nv4_disp nv4_disp.dll Fri Nov 11 23:18:35 2005 (437518BB)

bffa0000 bffe5c00 ATMFD ATMFD.DLL Wed Aug 04 09:56:56 2004 (411096C8)

f740f000 f7418f00 termdd termdd.sys Wed Aug 04 07:58:52 2004 (41107B1C)

f742f000 f743d080 redbook redbook.sys Wed Aug 04 07:59:34 2004 (41107B46)

f743f000 f744b180 cdrom cdrom.sys Wed Aug 04 07:59:52 2004 (41107B58)

f744f000 f7459380 imapi imapi.sys Wed Aug 04 08:00:12 2004 (41107B6C)

f745f000 f746e180 nic1394 nic1394.sys Wed Aug 04 07:58:28 2004 (41107B04)

f746f000 f747ae00 nvax nvax.sys Wed May 26 00:58:00 2004 (40B3CF78)

f747f000 f748fa80 pci pci.sys Wed Aug 04 08:07:45 2004 (41107D31)

f7490000 f74bdd80 ACPI ACPI.sys Wed Aug 04 08:07:35 2004 (41107D27)

f74be000 f74d5800 SCSIPORT SCSIPORT.SYS Wed Aug 04 07:59:39 2004 (41107B4B)

f74d6000 f75d6000 sptd sptd.sys Thu Mar 06 01:32:57 2008 (47CF3BB9)

f75f7000 f7605e80 ohci1394 ohci1394.sys Wed Aug 04 08:10:05 2004 (41107DBD)

f7607000 f7614000 1394BUS 1394BUS.SYS Wed Aug 04 08:10:03 2004 (41107DBB)

f7617000 f761fc00 isapnp isapnp.sys Fri Aug 17 22:58:01 2001 (3B7D8559)

f7627000 f7631500 MountMgr MountMgr.sys Wed Aug 04 07:58:29 2004 (41107B05)

f7637000 f7643c80 VolSnap VolSnap.sys Wed Aug 04 08:00:14 2004 (41107B6E)

f7647000 f764fe00 disk disk.sys Wed Aug 04 07:59:53 2004 (41107B59)

f7657000 f7663200 CLASSPNP CLASSPNP.SYS Wed Aug 04 08:14:26 2004 (41107EC2)

f7667000 f766fb40 PxHelp20 PxHelp20.sys Tue Jul 25 02:18:21 2006 (44C5634D)

f7697000 f769f700 netbios netbios.sys Wed Aug 04 08:03:19 2004 (41107C27)

f76a7000 f76af880 Fips Fips.SYS Sat Aug 18 03:31:49 2001 (3B7DC585)

f76e7000 f76f1620 DRVNDDM DRVNDDM.SYS Wed Aug 02 04:45:56 2006 (44D011E4)

f76f7000 f7700200 amdk7 amdk7.sys Wed Aug 04 07:59:19 2004 (41107B37)

f7707000 f770d200 PCIIDEX PCIIDEX.SYS Wed Aug 04 07:59:40 2004 (41107B4C)

f770f000 f7713900 PartMgr PartMgr.sys Sat Aug 18 03:32:23 2001 (3B7DC5A7)

f7717000 f771c500 nv_agp nv_agp.sys Sat Apr 03 01:46:39 2004 (406DFB5F)

f773f000 f7743580 ptilink ptilink.sys Fri Aug 17 22:49:53 2001 (3B7D8371)

f7747000 f774b080 raspti raspti.sys Fri Aug 17 22:55:32 2001 (3B7D84C4)

f777f000 f7783500 watchdog watchdog.sys Wed Aug 04 08:07:32 2004 (41107D24)

f7797000 f779db00 fdc fdc.sys Wed Aug 04 07:59:25 2004 (41107B3D)

f779f000 f77a4a00 mouclass mouclass.sys Wed Aug 04 07:58:32 2004 (41107B08)

f77a7000 f77ad000 kbdclass kbdclass.sys Wed Aug 04 07:58:32 2004 (41107B08)

f77af000 f77b3880 TDI TDI.SYS Wed Aug 04 08:07:47 2004 (41107D33)

f77ef000 f77f3280 usbohci usbohci.sys Wed Aug 04 08:08:34 2004 (41107D62)

f77f7000 f77fd800 usbehci usbehci.sys Wed Aug 04 08:08:34 2004 (41107D62)

f77ff000 f7804000 usbuhci usbuhci.sys Wed Aug 04 08:08:34 2004 (41107D62)

f7807000 f780db00 ElbyCDFL ElbyCDFL.sys Thu Dec 14 22:22:33 2006 (4581C099)

f780f000 f7817000 ASAPIW2k ASAPIW2k.sys Fri Nov 28 18:34:39 2003 (3FC7872F)

f7817000 f781e000 GEARAspiWDM GEARAspiWDM.sys Mon Aug 07 19:11:27 2006 (44D7743F)

f7832000 f7857700 dmio dmio.sys Wed Aug 04 08:07:13 2004 (41107D11)

f7858000 f7876880 ftdisk ftdisk.sys Fri Aug 17 22:52:41 2001 (3B7D8419)

f7897000 f789a000 BOOTVID BOOTVID.dll Fri Aug 17 22:49:09 2001 (3B7D8345)

f789b000 f789d800 SiWinAcc SiWinAcc.sys Wed Oct 15 20:28:16 2003 (3F8D91C0)

f7937000 f793ac80 serenum serenum.sys Wed Aug 04 07:59:06 2004 (41107B2A)

f793b000 f793d580 ndistapi ndistapi.sys Fri Aug 17 22:55:29 2001 (3B7D84C1)

f795b000 f796e600 nvatabus nvatabus.sys Thu Jun 03 19:40:44 2004 (40BF629C)

f796f000 f7986480 atapi atapi.sys Wed Aug 04 07:59:41 2004 (41107B4D)

f7987000 f7988b80 kdcom kdcom.dll Fri Aug 17 22:49:10 2001 (3B7D8346)

f7989000 f798a100 WMILIB WMILIB.SYS Fri Aug 17 23:07:23 2001 (3B7D878B)

f798b000 f798c700 dmload dmload.sys Fri Aug 17 22:58:15 2001 (3B7D8567)

f79b1000 f79b27a0 DLACDBHM DLACDBHM.SYS Wed Aug 02 05:06:06 2006 (44D0169E)

f79db000 f79dc100 swenum swenum.sys Wed Aug 04 07:58:41 2004 (41107B11)

f79dd000 f79dede0 DLAPoolM DLAPoolM.SYS Tue Aug 08 18:15:36 2006 (44D8B8A8)

f79f7000 f79f8280 USBD USBD.SYS Fri Aug 17 23:02:58 2001 (3B7D8682)

f7a37000 f7a4ec80 si3112r si3112r.sys Wed May 12 23:01:17 2004 (40A2909D)

f7a4f000 f7a4fd00 PCIIde PCIIde.sys Fri Aug 17 22:51:49 2001 (3B7D83E5)

f7a58000 f7a58d00 dxgthk dxgthk.sys Fri Aug 17 22:53:12 2001 (3B7D8438)

 

Unloaded modules:

b9059000 b9061000 ousbehci.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

b2367000 b236c000 Cdaudio.SYS

Timestamp: unavailable (00000000)

Checksum: 00000000

b1691000 b1694000 Sfloppy.SYS

Timestamp: unavailable (00000000)

Checksum: 00000000

74e30000 74e9c000 RichEd20.dll

Timestamp: Wed Aug 04 09:56:28 2004 (411096AC)

Checksum: 000765F3

5fff0000 5fff4000 KBDSW.DLL

Timestamp: Fri Aug 17 23:56:54 2001 (3B7D9326)

Checksum: 0000A84C

Closing open log file c:\debuglog.txt[/log]

 

Link to comment

Are you getting anywhere with the help of the dump file, Zipp?

This is a new driver, in any case

b9e81000 b9ee6000 an1tik8i an1tik8i.SYS Thu Mar 27 13:24:26 2008 (47EB91FA)

Use Explorer to go to C:\Windows\System32\Drivers (or possibly C:\Windows\System32), right-click an1tik8i.SYS and choose Properties. Check on the Version tab which company/product it belongs to.

804d7000 806eb780 nt ntoskrnl.exe Wed Aug 04 08:19:48 2004 (41108004)

Hmm, my ntoskrnl.exe in C:\Windows\System32 is from 2007. How are you doing with Windows updates?

Link to comment
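The manual check in the post above (scanning the `lmtn` module list for a recently built driver, and tying the bugcheck address to the module that contains it) can be scripted. This is an added example, not part of the original thread; the sample lines are copied from the dump on this page, while the function names and the 2007 cutoff are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Lines copied from the `lmtn` output in the dump on this page.
SAMPLE_LMTN = """\
77620000 7768e000 wzcsvc wzcsvc.dll Wed Aug 04 09:57:58 2004 (41109706)
7c900000 7c9b0000 ntdll ntdll.dll Wed Aug 04 09:56:36 2004 (411096B4)
804d7000 806eb780 nt ntoskrnl.exe Wed Aug 04 08:19:48 2004 (41108004)
b9e81000 b9ee6000 an1tik8i an1tik8i.SYS Thu Mar 27 13:24:26 2008 (47EB91FA)
f74d6000 f75d6000 sptd sptd.sys Thu Mar 06 01:32:57 2008 (47CF3BB9)
f796f000 f7986480 atapi atapi.sys Wed Aug 04 07:59:41 2004 (41107B4D)
"""

# Start of kernel address space on 32-bit Windows XP with the default 2 GB split.
KERNEL_BASE = 0x80000000

# start, end, module name, image name, free-form date, (hex link timestamp)
LINE_RE = re.compile(
    r"^([0-9a-f]{8})\s+([0-9a-f]{8})\s+(\S+)\s+(\S+)\s+.*\(([0-9a-f]{8})\)\s*$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Module:
    start: int
    end: int
    name: str
    image: str
    built: datetime  # decoded from the hex link timestamp, in UTC


def parse_lmtn(text):
    """Parse `lmtn` lines; anything that is not a module line is skipped
    (blank lines, headers, 'Timestamp: unavailable' entries)."""
    modules = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        start, end, name, image, stamp = m.groups()
        built = datetime.fromtimestamp(int(stamp, 16), tz=timezone.utc)
        modules.append(Module(int(start, 16), int(end, 16), name, image, built))
    return modules


def module_for_address(modules, address):
    """Return the module whose [start, end) range contains address, or None."""
    for mod in modules:
        if mod.start <= address < mod.end:
            return mod
    return None


def recent_kernel_modules(modules, cutoff_year):
    """Image names of kernel-space modules linked in cutoff_year or later,
    newest first. A recent build date is a reason to look closer at a driver,
    not proof that it is malicious."""
    cutoff = datetime(cutoff_year, 1, 1, tzinfo=timezone.utc)
    hits = [m for m in modules if m.start >= KERNEL_BASE and m.built >= cutoff]
    hits.sort(key=lambda m: m.built, reverse=True)
    return [m.image for m in hits]


if __name__ == "__main__":
    mods = parse_lmtn(SAMPLE_LMTN)
    # Arg1/Arg4 of the bugcheck and the FOLLOWUP_IP from the dump above.
    for addr in (0x7765C544, 0x804E2158):
        owner = module_for_address(mods, addr)
        print(f"{addr:08x} -> {owner.image if owner else 'no module'}")
    for image in recent_kernel_modules(mods, 2007):
        print("built 2007 or later:", image)
```

Run against the full `lmtn` listing from a dump, it produces the short list of drivers worth identifying by vendor, which is the check the Version tab in Explorer is being used for here.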

I'm not really following here xD Should I do something? ;)

I tried to find an1tik8i.SYS but couldn't find it either by looking myself or by searching... I searched hidden files and folders too...

Link to comment

Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

I don't think the search function is entirely reliable every time, so the best thing is to go to the right folder yourself.

Link to comment

No, unfortunately I can't find it... I unchecked what you said and looked through both system32 itself and drivers...

Link to comment

Search the whole computer and see whether you can manage to find it now that you have set up Explorer better?

Do you have Daemon Tools installed? If so, check its folder.

The file has been run, after all, so it must exist somewhere.

804d7000 806eb780 nt ntoskrnl.exe Wed Aug 04 08:19:48 2004 (41108004)

Hmm, my ntoskrnl.exe in C:\Windows\System32 is from 2007. How are you doing with Windows updates?

Link to comment

Very strange, but I really can't find any file with that name :S

As for updates, the computer usually checks for updates about once a month and installs them... so I don't really keep track of which ones they are (:

Link to comment

 

Was this everything that could be seen on the blue screen

DRIVER_IRQL_NOT_LESS_OR_EQUAL

then I got ***STOP: 0x000000D1 (0x7765C544, 0x0000002, 0x00000000, 0x07765C544)

Link to comment

No, but those were the places Cecilia told me to look at... Is there something in particular you want to know? I can always try starting up the computer again; it usually comes up then xD

Link to comment

 

Uncheck Automatically restart if the blue screen doesn't stay up long enough for you to read the information on it.

See whether you can spot any file name.

Link to comment

There's no file name... It says that the problem is probably a piece of hardware and its driver or similar, and that it can maybe be fixed by updating Windows... (:

Then it says that if this is the first time, restart the computer, and if it comes up again, go into safe mode and uninstall the hardware, sort of.

Link to comment

Not that I know of, apart from an HP thing that I removed. I mean an old thing for an old camera. Back then I did get in sometimes, and the computer told me that it was exactly that one causing the problem... but now it doesn't say anything at all :/

Link to comment

 

I don't know what the problem is, but type/copy devmgmt.msc into the Run box and click OK.

Look there to see whether any problem is marked, presumably in yellow.

Link to comment

Hmm.. nothing in what I get up at first is yellow, but should I click into the different things, such as disk drivers, and look further?

Link to comment

If I remember correctly, Daemon Tools renames that file every time the computer starts. That's how it was for me before, at least: when I scanned for rootkits, one of those .sys files showed up in the /drivers folder that belonged to DT, but when I removed it and rebooted, a new one with a new name had appeared...

/donqen

Link to comment

Eh, I didn't really understand how I was supposed to do that... I chose to check all the "drivers" the computer had installed, and then when I restarted, that blue window came up. So it's one of them at least... but should I check a specific one? (:

Link to comment

Archived

This topic is now archived and is closed to further replies.