Just nu i M3-nätverket
Gå till innehåll

Segar i starten


joad

Rekommendera Poster

Jag har ett "problem" som jag börjar ledsna på. Min dator laggar något alldeles väldigt efter att den kommit till inloggningen. Efter att ha fyllt i mitt lösenord stannar datorn onödigt länge, för att sedan ta sig vidare till mitt klassiskt blåa Windows-skrivbord, men helt utan ikoner. Här kan den sedan stå och bara tänka i flera minuter. Det låter inte något särskilt om hårddisken, lite vanligt tugg så där någon gång och total stiltje. Jag ser dioderna på mitt modem från där jag sitter och de blinkar inte hysteriskt, men kanske lite grann någon gång. Därefter drar den igång som vanligt och tänker lite medan ikonerna dyker upp och aktivitetsfältet fylls på som på vilken annan dator som helst.

 

Jag har verkligen, verkligen rensat bort allt jag vågar som drar igång automatiskt med hjälp av Msconfig. Jag har avinstallerat Java helt, uppdaterat mitt grafikkort till så nya drivrutiner som möjligt. Flera gånger har jag letat drivrutiner till mitt ljudkort men det verkar så gammalt att inget nytt tillkommit på på flera år. Dessutom har jag letat spyware och strunt med Ad-aware, Spybot SD, SuperAntispyware och Malwarebytes AntiMalware utöver att jag använder SpywareBlaster för att blockera skräp på förhand. Jag använder Avira Antivirus sedan många år och Online Armor som brandvägg, jag har bytt från andra brandväggar några gånger för att se om någon alternativ brandvägg kunde lösa problemet men nej. Dessutom har jag sökt igenom min dator med DriverCleaner Pro och CCleaner, visst hittar de skräp men inget jag gör snabbar på uppstarten. Som inte detta räckte så har skannat mitt register med flera olika "städa registret-program" såsom Glary Registry Repair, Little Registry Cleaner och nu senast provade jag Kingsoft PC Doctor, men noll.

 

Datorn funkar helt utan problem när den väl blivit inloggad, men som sagt det tar en evighet. En sak är emellertid uppenbar! Någonting körs i samband med start, för om jag trycker igång datorn och tar en dusch, eller pysslar med något annat och låter datorn göra vad den nu vill minst lika länge som jag annars skulle få sitta och vänta, så sker inloggningen precis som man kunde önska när jag skjuter iväg mitt lösenord.

 

Någon som har idéer? Tack på förhand.

Länk till kommentar
Dela på andra webbplatser

Jag fyller på med innehållet i min Aktivitetshanterare från strax efter att den blå bakgrunden dyker upp och jag kan trycka Ctlr-Alt-Del. Bilden blir så grynig att jag skriver av istället:

 

Namn Användare CPU Minnesanv. Referenser

svchost.exe 00 16 864 kB 868

winlogon.exe 00 1 012 kB 511

csrss.exe 00 3 548 kB 407

System 00 264 kB 323

lsass.exe 00 5 372 kB 322

services.exe 00 3 580 kB 293

svchost.exe 00 4 576 kB 252

WgaTray.exe 00 10 316 kB 247

oasrv.exe 00 8 488 kB 245

avguard.exe 00 1 692 kB 197

explorer.exe 00 10 492 kB 166

wuauclt.exe 00 7 028 kB 142

svchost.exe 00 3 404 kB 135

svchost.exe 00 4 036 kB 125

svchost.exe 00 3 476 kB 117

ati2evxx.exe 00 4 868 kB 114

ati2evxx.exe 00 3 224 kB 91

sched.exe 00 560 kB 91

taskmgr.exe 00 4 940 kB 74

oacat.exe 00 1 940 kB 70

uphclean.exe 00 1 560 kB 43

avshadow.exe 00 2 484 kB 39

smss.exe 00 436 kB 20

Systemets vänteprocess SYSTEM 99 28 kB 0

 

Edit: Ok, det var kanske inte så begåvat för mellanslagen försvinner förstås i HTML och tabbar finns väl inga.

Länk till kommentar
Dela på andra webbplatser

Hej,

prova med att ge oss en DDSlogg,

 

Klistra in loggen/resultatet från programmet DDS. Spara DDS på Skrivbordet.

http://download.blee...om/sUBs/dds.scr

Starta programmet genom att dubbelklicka på det.

Tryck Yes/Ja om frågan om Optional Scan dyker upp.

I ditt svar klistrar du in loggen DSS.txt. Medan du bifogar Attach.txt som en fil.

 

DDS är ett program som listar processer som kör, program och tjänster som startas automatiskt samt filer i sådana mappar som är vanliga att skadliga program och som är nya eller ändrade under senaste 1-3 månader. DDS är ett mycket vanligt program bland oss som hjälper till att rensa datorer. Resultatet ger oss en grundläggande kunskap om vad som händer och har hänt nyligen i datorn, och från det kan vi dra slutsatser om vad som är nästa lämpliga steg i rensningen av datorn.

 

Obs! När du klistrar in en logg eller ett resultat i ditt inlägg använd inga knappar eller taggar utan kopiera det i programmet (oftast Anteckningar) och klistra in det direkt i rutan du skriver i.

Mvh

Mats H

 

Länk till kommentar
Dela på andra webbplatser

Ok, då kommer dds.txt här klipp och klistra utan knappar och jox. Attach.txt bifogas zippad. Jag ser när jag tittar på filerna att det är många många referenser till olika städprogram och det är inte konstigt, för jag har försökt använda allt möjligt för att få ordning på det här. Men den sega starten kom före alla städprogram och lååångt före min tomtom-gps, om den skulle komma på tal.

 

 

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by nnn at 22:04:45 on 2011-10-22

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1360 [GMT 2:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Online Armor Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program\Tall Emu\Online Armor\oacat.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program\Tall Emu\Online Armor\oasrv.exe

C:\Program\Lavasoft\Ad-Aware\AAWService.exe

C:\Program\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program\TomTom HOME 2\TomTomHOMEService.exe

C:\Program\UPHClean\uphclean.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Avira\AntiVir Desktop\avshadow.exe

svchost.exe

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\ASUS\Six Engine\SixEngine.exe

C:\Program\Tall Emu\Online Armor\oaui.exe

C:\Program\Avira\AntiVir Desktop\avgnt.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program\Tall Emu\Online Armor\OAhlp.exe

C:\Program\DAEMON Tools Lite\DTLite.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.se/

mSearchAssistant = about:blank

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program\utils\orbitdownloader\orbitcth.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program\getright\xx2gr.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot\SDHelper.dll

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program\free download manager\iefdm2.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program\utils\orbitdownloader\GrabPro.dll

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [TomTomHOME.exe] "c:\program\tomtom home 2\TomTomHOMERunner.exe" -s

uRun: [DAEMON Tools Lite] "c:\program\daemon tools lite\DTLite.exe" -autorun

mRun: [soundMAXPnP] c:\program\analog devices\core\smax4pnp.exe

mRun: [soundMAX] "c:\program\analog devices\soundmax\Smax4.exe" /tray

mRun: [six Engine] "c:\program files\asus\six engine\SixEngine.exe" -r

mRun: [@OnlineArmor GUI] "c:\program\tall emu\online armor\oaui.exe"

mRun: [avgnt] "c:\program\avira\antivir desktop\avgnt.exe" /min

mRun: [startCCC] "c:\program\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

IE: &Download by Orbit - c:\program\utils\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program\utils\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program\utils\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program\utils\orbitdownloader\orbitmxt.dll/202

IE: Download all with Free Download Manager - file://c:\program\free download manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program\free download manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program\free download manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program\free download manager\dllink.htm

IE: Download with GetRight - c:\program\getright\GRdownload.htm

IE: Open with GetRight Browser - c:\program\getright\GRbrowse.htm

IE: Translate this web page with Babylon - c:\program\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm

IE: Translate with Babylon - c:\program\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program\spybot\SDHelper.dll

DPF: {01113300-3E00-11D2-8470-0060089874ED}

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}

TCP: DhcpNameServer = 193.150.193.150 83.255.245.11

TCP: Interfaces\{CF797CF8-34F1-4927-B8A8-6891C302378E} : DhcpNameServer = 193.150.193.150 83.255.245.11

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LBTWlgn - c:\program\delade filer\logishrd\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program\superantispyware\SASSEH.DLL

SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\program\tallem~1\online~1\oaevent.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\nnn\application data\mozilla\firefox\profiles\5nb7d7so.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/

FF - prefs.js: network.proxy.type - 1

FF - component: c:\program\free download manager\firefox\extension\components\vmsfdmff.dll

FF - plugin: c:\documents and settings\nnn\lokala instã¤llningar\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program\mozilla firefox\plugins\NPinfotl.dll

FF - plugin: c:\program\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program\personal\bin\np_prsnl.dll

FF - plugin: c:\program\utils\real alternative\browser\plugins\nppl3260.dll

FF - plugin: c:\program\utils\real alternative\browser\plugins\nprpjplug.dll

.

============= SERVICES / DRIVERS ===============

.

R0 BC;BC;c:\windows\system32\drivers\BC.sys [2011-10-16 24984]

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2010-9-30 26248]

R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2010-9-30 20616]

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2006-9-4 24941]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-2 64512]

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2009-5-31 150568]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-19 36000]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-8-28 232512]

R1 kmodurl;kmodurl;c:\program\kingsoft\pcdoctor\kmodurl.sys [2011-9-6 110496]

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-3-10 223312]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-3-10 24656]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2009-3-10 29776]

R1 SASDIFSV;SASDIFSV;c:\program\superantispyware\SASDIFSV.SYS [2006-10-10 12880]

R1 SASKUTIL;SASKUTIL;c:\program\superantispyware\SASKUTIL.SYS [2007-2-27 67664]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program\avira\antivir desktop\sched.exe [2011-10-19 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program\avira\antivir desktop\avguard.exe [2011-10-19 110032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-19 74640]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\lavasoft\ad-aware\AAWService.exe [2011-8-18 2151640]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-11-7 10384]

R2 OAcat;Online Armor Helper Service;c:\program\tall emu\online armor\oacat.exe [2009-3-10 1282248]

R2 SvcOnlineArmor;Online Armor;c:\program\tall emu\online armor\oasrv.exe [2009-3-10 3291336]

R2 TomTomHOMEService;TomTomHOMEService;c:\program\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]

R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2010-9-30 122504]

S3 !SASCORE;SAS Core Service;c:\program\superantispyware\SASCORE.EXE [2010-10-14 116608]

S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5.SYS [2009-12-1 49904]

S3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2006-9-4 1287296]

S3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\drivers\stk02nw2.sys --> c:\windows\system32\drivers\STK02NW2.sys [?]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-11-16 13192]

S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2010-9-30 14216]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-11-16 8456]

S3 KSafeSvc;KSafe service;c:\program\kingsoft\pcdoctor\KSafeSvc.exe [2011-9-7 429984]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program\microsoft fix it center\Matsvc.exe [2011-6-13 267568]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-8-18 137344]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-8-18 8320]

S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [2002-9-9 17018]

S3 SASENUM;SASENUM;c:\program\superantispyware\SASENUM.SYS [2006-2-16 12872]

S3 SQTECH900A;ZBR-DSC-DRIVER(PID_900A_00);c:\windows\system32\drivers\Capt900a.sys [2011-5-24 133888]

S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\drivers\mrv8ka51.sys [2006-9-4 258560]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys --> c:\windows\system32\drivers\anvioctl.sys [?]

S4 Garodbu;Garodbu; [x]

.

=============== Created Last 30 ================

.

2011-10-22 12:46:51 -------- d-----w- c:\program\ATI Technologies

2011-10-22 12:37:34 -------- d-----w- C:\ATI

2011-10-22 11:13:34 -------- d-----w- c:\program\Driver Cleaner Pro

2011-10-22 09:06:00 -------- d--h--w- c:\windows\$hf_mig$

2011-10-21 16:24:00 0 ----a-w- C:\ngen.exe

2011-10-19 17:28:46 -------- d-----w- c:\program\Paint.NET

2011-10-19 16:00:00 -------- d-----w- c:\documents and settings\nnn\application data\Avira

2011-10-19 15:58:57 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-10-19 15:58:57 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-10-19 15:58:03 -------- d-----w- c:\program\Avira

2011-10-19 15:58:03 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-10-15 22:45:15 24984 ----a-w- c:\windows\system32\drivers\BC.sys

2011-10-15 22:20:24 38400 ----a-w- c:\windows\system32\pchsvc.dll

2011-10-15 22:20:24 34816 -c--a-w- c:\windows\system32\dllcache\iprip.dll

2011-10-15 22:20:24 34816 ----a-w- c:\windows\system32\iprip.dll

2011-10-15 22:20:19 -------- d-sh--w- C:\KRSHistory

2011-10-15 21:26:40 -------- d-----w- c:\documents and settings\nnn\application data\kingsoft

2011-10-15 20:30:54 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-10-15 16:16:45 -------- d--h--w- C:\SafeRecycle

2011-10-15 16:11:29 -------- d-sh--w- c:\documents and settings\all users\application data\KRSHistory

2011-10-15 16:11:12 -------- d-----w- c:\documents and settings\nnn\application data\KSafe

2011-10-15 16:11:06 -------- d-----w- c:\documents and settings\all users\application data\Safe

2011-10-15 16:10:48 -------- d-----w- c:\documents and settings\all users\application data\kingsoft

2011-10-15 16:10:05 -------- d-----w- c:\program\Kingsoft

2011-10-07 15:05:50 323624 ----a-w- c:\windows\system32\wiaaut.dll

.

==================== Find3M ====================

.

2011-10-13 19:41:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-09 12:11:53 323584 -c--a-w- c:\windows\system32\AUDIOGENIE2.DLL

2011-09-26 09:41:40 612352 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 09:41:40 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-26 09:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-17 14:19:15 55296 ----a-w- c:\windows\system32\disable.exe

2011-09-17 14:19:15 117 ----a-w- c:\windows\system32\disabledvd.vbs

2011-09-09 09:12:07 602112 ----a-w- c:\windows\system32\crypt32.dll

2011-09-08 18:24:14 7180800 ----a-w- c:\windows\system32\drivers\ati2mtag.sys

2011-09-08 18:17:00 311296 ----a-w- c:\windows\system32\atiiiexx.dll

2011-09-08 17:50:08 57344 ----a-w- c:\windows\system32\aticalrt.dll

2011-09-08 17:50:02 53248 ----a-w- c:\windows\system32\aticalcl.dll

2011-09-08 17:46:32 5701632 ----a-w- c:\windows\system32\aticaldd.dll

2011-09-08 17:41:52 18571264 ----a-w- c:\windows\system32\atioglxx.dll

2011-09-08 17:26:46 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-09-08 17:25:58 3953280 ----a-w- c:\windows\system32\ati3duag.dll

2011-09-08 17:25:42 303104 ----a-w- c:\windows\system32\ati2dvag.dll

2011-09-08 17:19:36 956160 ----a-w- c:\windows\system32\ativvamv.dll

2011-09-08 17:09:28 3174656 ----a-w- c:\windows\system32\ativvaxx.dll

2011-09-08 17:09:18 212992 ----a-w- c:\windows\system32\atipdlxx.dll

2011-09-08 17:09:08 155648 ----a-w- c:\windows\system32\Oemdspif.dll

2011-09-08 17:09:02 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

2011-09-08 17:08:54 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-09-08 17:08:42 188416 ----a-w- c:\windows\system32\ati2evxx.dll

2011-09-08 17:07:36 643072 ----a-w- c:\windows\system32\ati2evxx.exe

2011-09-08 17:06:26 53248 ----a-w- c:\windows\system32\ATIDDC.DLL

2011-09-08 17:05:10 151552 ----a-w- c:\windows\system32\atiapfxx.exe

2011-09-08 17:01:54 704512 ----a-w- c:\windows\system32\atikvmag.dll

2011-09-08 17:00:28 528384 ----a-w- c:\windows\system32\atiok3x2.dll

2011-09-08 16:58:28 208896 ----a-w- c:\windows\system32\atiadlxx.dll

2011-09-08 16:58:06 17408 ----a-w- c:\windows\system32\atitvo32.dll

2011-09-08 16:52:44 876544 ----a-w- c:\windows\system32\ati2cqag.dll

2011-09-08 16:52:08 65024 ----a-w- c:\windows\system32\atimpc32.dll

2011-09-08 16:52:08 65024 ----a-w- c:\windows\system32\amdpcom32.dll

2011-09-08 16:52:06 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-09-06 14:09:57 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 15:00:50 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys

2011-08-28 18:34:00 116 ----a-w- c:\windows\system32\enabledvd.vbs

2011-08-28 16:52:47 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-08-28 16:36:17 443448 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-08-22 23:40:15 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:40:14 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:40:14 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:58:29 385024 ----a-w- c:\windows\system32\html.iec

2011-08-18 13:25:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-04 21:08:22 714526 ----a-w- c:\windows\unins000.exe

2008-08-19 21:42:15 47 -c--a-w- c:\program\off.bat

2007-03-20 08:01:42 405 -c--a-w- c:\program\flush.bat

2002-01-27 23:58:08 32768 -c--a-w- c:\program\shutdown.exe

2005-06-26 14:32:28 616448 -csha-r- c:\windows\system32\cygwin1.dll

2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll

2004-01-24 23:00:00 70656 -csha-r- c:\windows\system32\i420vfw.dll

2007-02-21 11:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll

2008-03-16 13:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll

2007-12-17 13:43:00 27648 -csh--w- c:\windows\system32\Smab0.dll

2010-01-06 22:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST3200822AS rev.3.01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe hal.dll CLASSPNP.SYS disk.sys ACPI.sys atapi.sys sptd.sys pciide.sys PCIIDEX.SYS

c:\windows\system32\drivers\sptd.sys

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A543AB8]

3 CLASSPNP[0xB8118FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000098[0x8A4D48B0]

5 ACPI[0xB7E69620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP0T0L0-4[0x8A4D3D98]

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV SI, 0x7be; MOV CL, 0x4; CMP [sI], CH; JL 0x2d; JNZ 0x3b; }

user != kernel MBR !!!

sectors 390721966 (+255): user != kernel

.

============= FINISH: 22:07:39,01 ===============

Länk till kommentar
Dela på andra webbplatser

Hej,

kan du ladda upp följande fil på Virus Total:

C:\ngen.exe

Virustotal hittar du här: http://www.virustotal.com/index.html

Välj fliken Upload a file, tryck på bläddrakanppen, hitta filen och tryck Send File.

 

Återkom med färdiganalyserat svar, kopiera in svarslänken från Virus Total här i din tråd.

 

Vidare, avinstallera Kingsofts samtliga program, som kan vara en orsak till den tröga uppstarten.

c:\program\kingsoft\pcdoctor\kmodurl.sys

 

Hur länge har du haft bekymmren?

 

Ser att du inte bifogat dds.txt, använd full redigerar "knappen" under rutan här när du gör det.

Mvh

Mats H

Länk till kommentar
Dela på andra webbplatser

Hej, jag gör ett nytt försök med zippad Attach.txt. Dds.txt är inklistrad direkt i inlägget.

 

Kingsoft PC Doctor är bara ytterligare ett program som jag givit en chans för att försöka knäcka problemet. Jag installerade det för högst en vecka sedan. Seg start har jag haft sedan i vintras tror jag, eller kanske ännu längre. Man glömmer.

 

Edit: Virus Totals webb verkar ligga nere just nu

attach.zip

Länk till kommentar
Dela på andra webbplatser

Hej,

bortse från mitt tidigare svar, om du inte redan börjat med proceduren.

 

Efter vidare granskning ser vi att det kan finnas risk för rootkit, så följande:

så vi vill kolla med ComboFix också. Spara ComboFix på Skrivbordet:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Stäng av alla program du ser inklusive antivirusprogram och antispionprogram men lämna brandväggen på.

Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html

Kör ComboFix och följ anvisningarna som visas.

Om det kommer upp en fråga om du vill installera återställningskonsolen så svara ja.

 

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när den körs annars kan den hänga upp sig.

 

När den är färdig så ska en logg komma upp, klistra in den i ditt svar. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet.

 

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

 

Varning! ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn och skydda datorn mot infektioner i framtiden. Det kan bli problem t ex om datorn har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix.

 

Mvh

Mats H

Länk till kommentar
Dela på andra webbplatser

Ok, naturligtvis uppdaterades Avira igår, så nu liknar den inte sig själv längre. Får leta lite för att stänga av virusprogrammet.

Länk till kommentar
Dela på andra webbplatser

Ok, nu sover väl alla. Men min dator har tuggat klart, efter en BSOD så att jag körde allt i felsäkert läge istället. Vet inte varför jag inte kunde få död på Lavasoft helt men här kommer ComboFix-loggen (och ja Antivir är påslaget igen):

 

ComboFix 11-10-21.06 - nnn 2011-10-22 23:47:07.2.4 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1692 [GMT 2:00]

Körs från: c:\documents and settings\nnn\Skrivbord\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

.

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Safe

c:\documents and settings\All Users\Application Data\Safe\Cache\commrun\Logitech SetPoint.lnk

c:\documents and settings\All Users\Application Data\Safe\zsinfo.dat

c:\documents and settings\All Users\Application Data\Tarma Installer

c:\documents and settings\All Users\Application Data\Tarma Installer\{991B1E79-12B6-40C3-A081-1FC47C6F2F37}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{991B1E79-12B6-40C3-A081-1FC47C6F2F37}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{991B1E79-12B6-40C3-A081-1FC47C6F2F37}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{991B1E79-12B6-40C3-A081-1FC47C6F2F37}\Setup.ico

c:\documents and settings\nnn\WINDOWS

C:\ErrLog.txt

c:\program\Internet Explorer\SET53.tmp

c:\program\Internet Explorer\SET57.tmp

c:\program\Internet Explorer\SET58.tmp

c:\program\messenger\msmsgsin.exe

C:\test.exe

c:\windows\help\tours\htmltour\unlock_playing.htm

c:\windows\is-0KKHF.exe

c:\windows\iun6002.exe

c:\windows\pkunzip.pif

c:\windows\pkzip.pif

c:\windows\system32\Cache

c:\windows\system32\CddbCdda.dll

c:\windows\system32\d3d9caps.dat

c:\windows\system32\pchsvc.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

.

.

(((((((((((((((((((((((( Filer skapade från 2011-09-22 till 2011-10-22 ))))))))))))))))))))))))))))))

.

.

2011-10-22 13:01 . 2011-10-22 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI

2011-10-22 12:46 . 2011-10-22 12:54 -------- d-----w- c:\program\ATI Technologies

2011-10-22 12:37 . 2011-10-22 12:37 -------- d-----w- C:\ATI

2011-10-22 11:13 . 2011-10-22 11:13 -------- d-----w- c:\program\Driver Cleaner Pro

2011-10-22 09:06 . 2011-10-22 09:06 -------- d--h--w- c:\windows\$hf_mig$

2011-10-21 16:24 . 2011-10-21 16:24 0 ----a-w- C:\ngen.exe

2011-10-19 17:28 . 2011-10-19 17:30 -------- d-----w- c:\program\Paint.NET

2011-10-19 17:28 . 2011-10-19 17:31 -------- d-----w- c:\documents and settings\nnn\Lokala inställningar\Application Data\Paint.NET

2011-10-19 16:00 . 2011-10-19 16:00 -------- d-----w- c:\documents and settings\nnn\Application Data\Avira

2011-10-19 15:58 . 2011-10-11 13:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-10-19 15:58 . 2011-10-11 13:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-10-19 15:58 . 2011-10-11 13:00 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-10-19 15:58 . 2011-10-19 15:58 -------- d-----w- c:\program\Avira

2011-10-19 15:58 . 2011-10-19 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-10-16 09:59 . 2011-10-16 09:59 -------- d-----w- c:\documents and settings\xyz\Application Data\KSafe

2011-10-15 22:45 . 2011-05-24 01:34 24984 ----a-w- c:\windows\system32\drivers\BC.sys

2011-10-15 22:20 . 2008-04-14 16:04 34816 -c--a-w- c:\windows\system32\dllcache\iprip.dll

2011-10-15 22:20 . 2008-04-14 16:04 34816 ----a-w- c:\windows\system32\iprip.dll

2011-10-15 22:20 . 2011-10-15 22:20 -------- d-----w- C:\KRSHistory

2011-10-15 21:29 . 2011-10-15 21:29 -------- d-----w- c:\documents and settings\nnn\Lokala inställningar\Application Data\KSafe

2011-10-15 21:26 . 2011-10-15 21:26 -------- d-----w- c:\documents and settings\nnn\Application Data\kingsoft

2011-10-15 20:30 . 2011-10-15 17:29 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-10-15 16:16 . 2011-10-15 16:16 -------- d-----w- C:\SafeRecycle

2011-10-15 16:11 . 2011-10-15 22:45 -------- d-sh--w- c:\documents and settings\All Users\Application Data\KRSHistory

2011-10-15 16:11 . 2011-10-15 16:11 -------- d-----w- c:\documents and settings\nnn\Application Data\KSafe

2011-10-15 16:10 . 2011-10-15 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\kingsoft

2011-10-15 16:10 . 2011-10-15 16:10 -------- d-----w- c:\program\Kingsoft

2011-10-13 19:17 . 2011-10-13 19:17 -------- d-----w- c:\documents and settings\nnn\Lokala inställningar\Application Data\PCHealth

2011-10-07 15:05 . 2011-10-07 15:05 323624 ----a-w- c:\windows\system32\wiaaut.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-22 20:26 . 2011-10-22 20:26 4774 ----a-w- C:\attach.zip

2011-10-13 19:41 . 2011-05-17 15:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-09 12:11 . 2008-11-01 17:28 323584 -c--a-w- c:\windows\system32\AUDIOGENIE2.DLL

2011-09-26 09:41 . 2008-07-29 17:59 612352 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 09:41 . 2001-09-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-26 09:41 . 2001-09-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-17 14:19 . 2011-09-04 15:16 55296 ----a-w- c:\windows\system32\disable.exe

2011-09-17 14:19 . 2011-09-04 15:16 117 ----a-w- c:\windows\system32\disabledvd.vbs

2011-09-09 09:12 . 2001-09-28 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll

2011-09-08 16:52 . 2009-05-16 02:38 65024 ----a-w- c:\windows\system32\amdpcom32.dll

2011-09-06 14:09 . 2001-09-28 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 15:00 . 2009-02-13 11:01 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys

2011-08-28 18:34 . 2011-08-28 18:32 116 ----a-w- c:\windows\system32\enabledvd.vbs

2011-08-28 16:52 . 2011-08-28 16:52 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-08-28 16:36 . 2006-09-09 19:30 443448 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-08-22 23:40 . 2001-09-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:40 . 2001-09-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:40 . 2001-09-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:58 . 2006-09-03 13:12 385024 ----a-w- c:\windows\system32\html.iec

2011-08-18 13:25 . 2010-04-02 11:31 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-08-17 13:49 . 2001-09-28 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-04 21:08 . 2011-08-04 21:08 714526 ----a-w- c:\windows\unins000.exe

2008-08-19 21:42 . 2008-08-19 21:42 47 -c--a-w- c:\program\off.bat

2007-03-20 08:01 . 2007-03-20 08:01 405 -c--a-w- c:\program\flush.bat

2002-01-27 23:58 . 2008-08-19 21:40 32768 -c--a-w- c:\program\shutdown.exe

2011-08-17 14:58 . 2011-05-06 15:02 134104 ----a-w- c:\program\mozilla firefox\components\browsercomps.dll

2005-06-26 14:32 616448 -csha-r- c:\windows\system32\cygwin1.dll

2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll

2004-01-24 23:00 70656 -csha-r- c:\windows\system32\i420vfw.dll

2007-02-21 11:47 31232 --sha-r- c:\windows\system32\msfDX.dll

2008-03-16 13:30 216064 --sha-r- c:\windows\system32\nbDX.dll

2007-12-17 13:43 27648 -csh--w- c:\windows\system32\Smab0.dll

2010-01-06 22:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll

.

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="c:\program\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]

"DAEMON Tools Lite"="c:\program\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program\Analog Devices\Core\smax4pnp.exe" [2008-03-17 1040384]

"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-14 5958656]

"@OnlineArmor GUI"="c:\program\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]

"avgnt"="c:\program\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]

"StartCCC"="c:\program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 98304]

.

c:\documents and settings\xyz\Start-meny\Program\Autostart\

OpenOffice.org 2.2.lnk - c:\program\OpenOffice.org 2.2\program\quickstart.exe [N/A]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program\SUPERAntiSpyware\SASSEH.DLL" [2011-08-09 113024]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\program\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2010-01-04 11:24 548352 ----a-w- c:\program\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-07-20 11:28 72208 ----a-w- c:\program\Delade filer\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0\0lsdelete

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Gamma Loader.lnk]

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^BankID säkerhetsprogram.lnk]

backup=c:\windows\pss\BankID säkerhetsprogram.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Bluetooth Manager.lnk]

backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^STK02N 2.0 PNP Monitor.lnk]

backup=c:\windows\pss\STK02N 2.0 PNP Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^nnn^Start-meny^Program^Autostart^outpost.exe.lnk]

backup=c:\windows\pss\outpost.exe.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link D-Link Wireless G DWL-G122_DWA-110

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverScanner

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveSitter Pro

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Grid

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionMDEngine

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Outpost Firewall

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\program\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]

2009-01-02 21:51 1427968 ----a-w- c:\program\ASUS\AI Suite\AiNap\AiNap.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-14 16:05 110592 -c----w- c:\windows\system32\bthprops.cpl

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-04-10 18:21 136176 -c--atw- c:\documents and settings\nnn\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

2004-03-17 07:10 61952 -c--a-r- c:\windows\system32\HDAudPropShortcut.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]

2009-07-22 12:40 83336 ----a-w- c:\program\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

2008-12-03 11:47 1205760 -c--a-w- c:\program\Nokia\Nokia PC Suite 7\PCSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 16:36 421888 ----a-w- c:\program\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-12-03 14:46 14944136 ----a-r- c:\program\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 14:07 2260480 -csha-r- c:\program\Spybot\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2011-10-16 16:46 4615552 ----a-w- c:\program\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]

2007-04-10 21:46 709992 -c--a-w- c:\windows\vVX1000.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2006-11-21 17:38 35328 -c--a-w- c:\program\viewers\Winamp\winampa.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"OutpostFirewall"=2 (0x2)

"aawservice"=2 (0x2)

"Adobe LM Service"=3 (0x3)

"Ati HotKey Poller"=2 (0x2)

"ATI Smart"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program\\utils\\Orbitdownloader\\orbitdm.exe"=

"c:\\Program\\utils\\Orbitdownloader\\orbitnet.exe"=

"c:\\Program\\Spotify\\spotify.exe"=

"c:\\Program\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program\\Delade filer\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"14184:TCP"= 14184:TCP:BitComet 14184 TCP

"14184:UDP"= 14184:UDP:BitComet 14184 UDP

.

R0 BC;BC;c:\windows\system32\drivers\BC.sys [2011-10-16 24984]

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2010-09-30 26248]

R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2010-09-30 20616]

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2006-09-04 24941]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-04-02 64512]

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2009-05-31 150568]

R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-19 36000]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-08-28 232512]

R1 kmodurl;kmodurl;c:\program\Kingsoft\PcDoctor\kmodurl.sys [2011-09-06 110496]

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-03-10 223312]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-03-10 24656]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2009-03-10 29776]

R1 SASDIFSV;SASDIFSV;c:\program\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 12880]

R1 SASKUTIL;SASKUTIL;c:\program\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 67664]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\Lavasoft\Ad-Aware\AAWService.exe [2011-08-18 2151640]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-11-07 10384]

R2 OAcat;Online Armor Helper Service;c:\program\Tall Emu\Online Armor\oacat.exe [2009-03-10 1282248]

R2 SvcOnlineArmor;Online Armor;c:\program\Tall Emu\Online Armor\oasrv.exe [2009-03-10 3291336]

R2 TomTomHOMEService;TomTomHOMEService;c:\program\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2010-09-30 122504]

S3 !SASCORE;SAS Core Service;c:\program\SUPERAntiSpyware\SASCORE.EXE [2010-10-14 116608]

S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5.SYS [2009-12-01 49904]

S3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2006-09-04 1287296]

S3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\DRIVERS\STK02NW2.sys --> c:\windows\system32\DRIVERS\STK02NW2.sys [?]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-11-16 13192]

S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2010-09-30 14216]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-11-16 8456]

S3 KSafeSvc;KSafe service;c:\program\Kingsoft\PcDoctor\KSafeSvc.exe [2011-09-07 429984]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program\Lavasoft\Ad-Aware\kernexplorer.sys [2011-08-18 15232]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program\Microsoft Fix it Center\Matsvc.exe [2011-06-13 267568]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-08-18 137344]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-08-18 8320]

S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [2002-09-09 17018]

S3 SASENUM;SASENUM;c:\program\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 12872]

S3 SQTECH900A;ZBR-DSC-DRIVER(PID_900A_00);c:\windows\system32\drivers\Capt900a.sys [2011-05-24 133888]

S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\drivers\mrv8ka51.sys [2006-09-04 258560]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S4 ANVIOCTL;ANVIOCTL;c:\windows\system32\DRIVERS\anvioctl.sys --> c:\windows\system32\DRIVERS\anvioctl.sys [?]

S4 Garodbu;Garodbu; [x]

.

--- Övriga tjänster/drivrutiner i minnet ---

.

*Deregistered* - uphcleanhlp

.

Innehåll i mappen 'Schemalagda aktiviteter':

.

2011-10-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 17:29]

.

2011-02-22 c:\windows\Tasks\jusched.job

- c:\program\Java\jre6\bin\jusched.exe [2009-05-21 03:17]

.

2011-10-22 c:\windows\Tasks\User_Feed_Synchronization-{FFBB0541-9A7C-4891-8376-032ACACB7B29}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

IE: &Download by Orbit - c:\program\utils\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program\utils\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program\utils\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program\utils\Orbitdownloader\orbitmxt.dll/202

IE: Download all with Free Download Manager - file://c:\program\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program\Free Download Manager\dllink.htm

IE: Download with GetRight - c:\program\GetRight\GRdownload.htm

IE: Open with GetRight Browser - c:\program\GetRight\GRbrowse.htm

IE: Translate this web page with Babylon - c:\program\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

IE: Translate with Babylon - c:\program\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

TCP: DhcpNameServer = 193.150.193.150 83.255.245.11

FF - ProfilePath - c:\documents and settings\nnn\Application Data\Mozilla\Firefox\Profiles\5nb7d7so.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/

FF - prefs.js: network.proxy.type - 1

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

.

SafeBoot-WudfPf

SafeBoot-WudfRd

MSConfigStartUp-Cmaudio - cmicnfg.cpl

MSConfigStartUp-nwiz - nwiz.exe

AddRemove-{991B1E79-12B6-40C3-A081-1FC47C6F2F37} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{991B1~1\Setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net'>http://www.gmer.net

Rootkit scan 2011-10-23 00:09

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST3200822AS rev.3.01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c

.

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user != kernel MBR !!!

sectors 390721966 (+255): user != kernel

.

**************************************************************************

.

--------------------- DLL'er som "laddats" under processer som körs ---------------------

.

- - - - - - - > 'winlogon.exe'(948)

c:\program\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

c:\program\delade filer\logishrd\bluetooth\LBTWlgn.dll

c:\program\delade filer\logishrd\bluetooth\LBTServ.dll

.

- - - - - - - > 'explorer.exe'(2956)

c:\program\Tall Emu\Online Armor\OAwatch.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr

c:\program\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\program\Microsoft Virtual PC\VPCShExH.DLL

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program\Avira\AntiVir Desktop\avguard.exe

c:\program\UPHClean\uphclean.exe

c:\program\Avira\AntiVir Desktop\avshadow.exe

c:\windows\System32\wbem\unsecapp.exe

c:\program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program\Tall Emu\Online Armor\OAhlp.exe

c:\program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

.

**************************************************************************

.

Sluttid: 2011-10-23 00:17:30 - datorn startades om.

ComboFix-quarantined-files.txt 2011-10-22 22:17

.

Före genomsökningen: 78 891 597 824 byte ledigt

Efter genomsökningen: 78 976 143 360 byte ledigt

.

- - End Of File - - C0511A39A6B3BCE4A168579892740D31

Länk till kommentar
Dela på andra webbplatser

Hej!

Vi kollar med följande:

Spara MBRCheck.exe av a_d_13 på Skrivbordet.

Kör programmet.

 

Vänta tills programmet är klart eller till texten "Enter 'Y' and hit ENTER for more options, or 'N' to exit:"

visas. I det senare fallet tryck på N följt av Enter.

 

När det är klart skapas en loggfil på Skrivbordet som heter MBRCheckxxxxxx.txt där xxxxxx är klockslaget för

körningen.

 

Öppna loggen i Anteckningar genom att dubbelklicka på loggen och klistra in innehållet i ditt svar

 

Mvh

Mats H

Länk till kommentar
Dela på andra webbplatser

Nu har jag avinstallerat några program, däribland Lavasoft Ad-aware eftersom det envetet verkar kleta fast någon process som är lögn att få död på manuellt. Dessutom har jag kört Rkill flera gånger i rad, som vi använde när jag hjälpte en vän att få död på ett rootkit-virus i våras. Måste säga att om detta är ett rootkit så är det betydligt mycket stillsammare än det viruset som smällde upp varningar för allt möjligt stup i kvarten. Just nu defragmenterar jag mina diskar. Blev riktigt inspirerad. Återkommer med ny logg så snart defragmenteringen tuggat klart.

Länk till kommentar
Dela på andra webbplatser

Ok, här kommer mer nöjesläsning. Noterar något full i skratt att min största disk verkar ha en annorlunda MBR än de två andra. Windows 98? Edit: (Den största disken är inte min bootdisk utan är mitt filarkiv)

 

MBRCheck, version 1.2.3

© 2010, AD

 

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0200003d

 

Kernel Drivers (total 164):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806E5000 \WINDOWS\system32\hal.dll

0xB85A8000 \WINDOWS\system32\KDCOM.DLL

0xB84B8000 \WINDOWS\system32\BOOTVID.dll

0xB7E91000 sptd.sys

0xB7E63000 ACPI.sys

0xB85AA000 \WINDOWS\System32\DRIVERS\WMILIB.SYS

0xB7E52000 pci.sys

0xB80A8000 isapnp.sys

0xB80B8000 ohci1394.sys

0xB80C8000 \WINDOWS\System32\DRIVERS\1394BUS.SYS

0xB80D8000 BC.sys

0xB8670000 pciide.sys

0xB8328000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS

0xB80E8000 MountMgr.sys

0xB7E33000 ftdisk.sys

0xB85AC000 dmload.sys

0xB7E0D000 dmio.sys

0xB8330000 PartMgr.sys

0xB80F8000 VolSnap.sys

0xB7DF5000 atapi.sys

0xB7DBF000 Si3114r5.sys

0xB7DA7000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS

0xB8338000 iteraid.sys

0xB7D67000 mv61xx.sys

0xB8108000 disk.sys

0xB8118000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

0xB7D47000 fltmgr.sys

0xB7D35000 sr.sys

0xB84BC000 SiWinAcc.sys

0xB8128000 PxHelp20.sys

0xB7D1E000 KSecDD.sys

0xB7D07000 WudfPf.sys

0xB84C0000 eufs.sys

0xB7C7A000 Ntfs.sys

0xB7C4D000 NDIS.sys

0xB85AE000 SiRemFil.sys

0xB7C33000 Mup.sys

0xB8340000 eubakup.sys

0xB8188000 \SystemRoot\System32\DRIVERS\intelppm.sys

0xB5D8C000 \SystemRoot\system32\DRIVERS\ati2mtag.sys

0xB5629000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xB5601000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xB84A8000 \SystemRoot\System32\DRIVERS\usbuhci.sys

0xB55DD000 \SystemRoot\System32\DRIVERS\USBPORT.SYS

0xB84B0000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xB8268000 \SystemRoot\system32\DRIVERS\imapi.sys

0xB8360000 \SystemRoot\System32\Drivers\ElbyCDFL.sys

0xB8278000 \SystemRoot\System32\DRIVERS\cdrom.sys

0xB8288000 \SystemRoot\System32\DRIVERS\redbook.sys

0xB55BA000 \SystemRoot\System32\DRIVERS\ks.sys

0xB5574000 \SystemRoot\system32\DRIVERS\yk51x86.sys

0xB8298000 \SystemRoot\System32\DRIVERS\nic1394.sys

0xB8390000 \SystemRoot\System32\DRIVERS\fdc.sys

0xB860A000 \SystemRoot\system32\DRIVERS\ASACPI.sys

0xB82A8000 \SystemRoot\System32\DRIVERS\serial.sys

0xB6627000 \SystemRoot\System32\DRIVERS\serenum.sys

0xB5366000 \SystemRoot\System32\Drivers\a042dha1.SYS

0xB5355000 \SystemRoot\system32\DRIVERS\VMNetSrv.sys

0xB8564000 \SystemRoot\system32\DRIVERS\gameenum.sys

0xB8733000 \SystemRoot\System32\DRIVERS\audstub.sys

0xB6B2C000 \SystemRoot\System32\DRIVERS\rasl2tp.sys

0xB8568000 \SystemRoot\System32\DRIVERS\ndistapi.sys

0xB533E000 \SystemRoot\System32\DRIVERS\ndiswan.sys

0xB6B1C000 \SystemRoot\System32\DRIVERS\raspppoe.sys

0xB6B0C000 \SystemRoot\System32\DRIVERS\raspptp.sys

0xB8448000 \SystemRoot\System32\DRIVERS\TDI.SYS

0xB8450000 \SystemRoot\System32\DRIVERS\ptilink.sys

0xB8458000 \SystemRoot\System32\DRIVERS\raspti.sys

0xB6AFC000 \SystemRoot\System32\DRIVERS\termdd.sys

0xB8460000 \SystemRoot\System32\DRIVERS\kbdclass.sys

0xB8468000 \SystemRoot\System32\DRIVERS\mouclass.sys

0xB8620000 \SystemRoot\System32\DRIVERS\swenum.sys

0xB52E0000 \SystemRoot\System32\DRIVERS\update.sys

0xB8570000 \SystemRoot\System32\DRIVERS\mssmbios.sys

0xB52C3000 \SystemRoot\system32\DRIVERS\EuDisk.sys

0xB5257000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys

0xB6537000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xA702A000 \SystemRoot\system32\drivers\AtiHdmi.sys

0xA7006000 \SystemRoot\system32\drivers\portcls.sys

0xB6507000 \SystemRoot\system32\drivers\drmk.sys

0xB64F7000 \SystemRoot\System32\DRIVERS\usbhub.sys

0xB8630000 \SystemRoot\System32\DRIVERS\USBD.SYS

0xA6F43000 \SystemRoot\system32\drivers\ADIHdAud.sys

0xA6F2B000 \SystemRoot\system32\drivers\AEAudio.sys

0xA6ECB000 \SystemRoot\system32\drivers\Senfilt.sys

0xB83A0000 \SystemRoot\System32\DRIVERS\flpydisk.sys

0xB8634000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xB8793000 \SystemRoot\System32\Drivers\Null.SYS

0xB8636000 \SystemRoot\System32\Drivers\Beep.SYS

0xB83B0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xB83B8000 \SystemRoot\System32\drivers\vga.sys

0xB8638000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xB863A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xB83E0000 \SystemRoot\System32\Drivers\Msfs.SYS

0xB83E8000 \SystemRoot\System32\Drivers\Npfs.SYS

0xB662F000 \SystemRoot\System32\DRIVERS\rasacd.sys

0xB8178000 \??\C:\WINDOWS\system32\drivers\OAnet.sys

0xA6CE7000 \SystemRoot\System32\DRIVERS\ipsec.sys

0xB8198000 \SystemRoot\System32\DRIVERS\msgpc.sys

0xA6C8E000 \SystemRoot\System32\DRIVERS\tcpip.sys

0xB83F0000 \??\C:\WINDOWS\system32\drivers\OAmon.sys

0xA6C68000 \SystemRoot\System32\DRIVERS\ipnat.sys

0xB81A8000 \SystemRoot\System32\DRIVERS\wanarp.sys

0xA6C23000 \??\C:\Program\Kingsoft\PcDoctor\kmodurl.sys

0xB81B8000 \SystemRoot\System32\DRIVERS\arp1394.sys

0xA6BFB000 \SystemRoot\System32\DRIVERS\netbt.sys

0xA6BD9000 \SystemRoot\System32\drivers\afd.sys

0xB81C8000 \SystemRoot\System32\DRIVERS\netbios.sys

0xA6B9E000 \??\C:\WINDOWS\system32\Drivers\vmm.sys

0xB83F8000 \SystemRoot\system32\DRIVERS\ssmdrv.sys

0xA6B7C000 \??\C:\Program\SUPERAntiSpyware\SASKUTIL.sys

0xB8400000 \??\C:\Program\SUPERAntiSpyware\SASDIFSV.SYS

0xA6B51000 \SystemRoot\System32\DRIVERS\rdbss.sys

0xA6B08000 \??\C:\WINDOWS\system32\drivers\OADriver.sys

0xA6A98000 \SystemRoot\System32\DRIVERS\mrxsmb.sys

0xB81E8000 \SystemRoot\System32\Drivers\Fips.SYS

0xB8408000 \SystemRoot\System32\Drivers\ElbyCDIO.sys

0xB8208000 \SystemRoot\system32\DRIVERS\avkmgr.sys

0xA6A23000 \SystemRoot\system32\DRIVERS\avipbb.sys

0xB8218000 \SystemRoot\system32\DRIVERS\asuskbnt.sys

0xB87BD000 \??\C:\WINDOWS\system32\drivers\aslm75.sys

0xB8640000 \SystemRoot\system32\drivers\AsIO.sys

0xB8418000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xB8238000 \SystemRoot\system32\drivers\usbaudio.sys

0xA6FFA000 \SystemRoot\System32\DRIVERS\hidusb.sys

0xB8248000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS

0xB8438000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys

0xB82C8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS

0xA68EA000 \SystemRoot\system32\DRIVERS\Wdf01000.sys

0xBF800000 \SystemRoot\System32\win32k.sys

0xA6FE6000 \SystemRoot\System32\drivers\Dxapi.sys

0xB8470000 \SystemRoot\System32\watchdog.sys

0xA6FDE000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0xA6E37000 \SystemRoot\System32\DRIVERS\mouhid.sys

0xB83C0000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys

0xBD000000 \SystemRoot\System32\drivers\dxg.sys

0xB86D1000 \SystemRoot\System32\drivers\dxgthk.sys

0xBD012000 \SystemRoot\System32\ati2dvag.dll

0xBD061000 \SystemRoot\System32\ati2cqag.dll

0xBD137000 \SystemRoot\System32\atikvmag.dll

0xBD1F4000 \SystemRoot\System32\atiok3x2.dll

0xBD279000 \SystemRoot\System32\ati3duag.dll

0xBD63F000 \SystemRoot\System32\ativvaxx.dll

0xBD947000 \SystemRoot\System32\ATMFD.DLL

0xA3D80000 \SystemRoot\system32\DRIVERS\avgntflt.sys

0xA3C52000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys

0xA3E71000 \SystemRoot\system32\DRIVERS\nwlnknb.sys

0xB6B3C000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys

0xA38F5000 \SystemRoot\system32\drivers\wdmaud.sys

0xA39EA000 \SystemRoot\system32\drivers\sysaudio.sys

0xA37B3000 \SystemRoot\System32\Drivers\Fastfat.SYS

0xA3AD2000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xB85B6000 \SystemRoot\System32\Drivers\StarOpen.SYS

0xB83A8000 \SystemRoot\System32\drivers\aspi32.sys

0xB85B8000 \??\C:\WINDOWS\system32\drivers\EIO.sys

0xB876A000 \SystemRoot\System32\Drivers\LBeepKE.sys

0xA3CF8000 \SystemRoot\System32\DRIVERS\secdrv.sys

0xA36B1000 \??\C:\WINDOWS\system32\drivers\tmcomm.sys

0xA3591000 \SystemRoot\system32\DRIVERS\srv.sys

0xA3230000 \SystemRoot\System32\Drivers\HTTP.sys

0xA31DD000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

0x10000000 \Program\DAEMON Tools Lite\Engine.dll

 

Processes (total 37):

0 System Idle Process

4 System

700 C:\WINDOWS\system32\smss.exe

784 csrss.exe

832 C:\WINDOWS\system32\winlogon.exe

876 C:\WINDOWS\system32\services.exe

888 C:\WINDOWS\system32\lsass.exe

1088 C:\WINDOWS\system32\ati2evxx.exe

1108 C:\WINDOWS\system32\svchost.exe

1204 svchost.exe

1384 C:\WINDOWS\system32\svchost.exe

1556 C:\WINDOWS\system32\svchost.exe

1600 C:\Program\Tall Emu\Online Armor\oacat.exe

1712 C:\WINDOWS\system32\ati2evxx.exe

1776 C:\Program\Tall Emu\Online Armor\oasrv.exe

496 C:\WINDOWS\explorer.exe

724 C:\WINDOWS\system32\spoolsv.exe

764 C:\Program\Avira\AntiVir Desktop\sched.exe

1656 C:\Program\Avira\AntiVir Desktop\avguard.exe

2008 C:\WINDOWS\system32\svchost.exe

280 C:\Program\TomTom HOME 2\TomTomHOMEService.exe

1460 C:\WINDOWS\system32\wuauclt.exe

2084 C:\Program\Avira\AntiVir Desktop\avshadow.exe

2968 wmiprvse.exe

3020 alg.exe

3748 C:\Program\Analog Devices\Core\smax4pnp.exe

3820 svchost.exe

4056 C:\Program Files\ASUS\Six Engine\SixEngine.exe

308 C:\Program\Tall Emu\Online Armor\oaui.exe

340 C:\Program\Avira\AntiVir Desktop\avgnt.exe

372 C:\Program\TomTom HOME 2\TomTomHOMERunner.exe

2212 C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

2360 C:\Program\Tall Emu\Online Armor\oahlp.exe

2312 C:\Program\DAEMON Tools Lite\DTLite.exe

3372 C:\Program\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

3716 C:\Documents and Settings\Anders\Skrivbord\MBRCheck.exe

3840 C:\Program\Avira\AntiVir Desktop\ipmgui.exe

 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000 (NTFS)

\\.\Z: --> \\.\PhysicalDrive0 at offset 0x0000001f`ff590600 (NTFS)

 

PhysicalDrive0 Model Number: ST3200822AS, Rev: 3.01

PhysicalDrive2 Model Number: ST3200822AS, Rev: 3.01

PhysicalDrive1 Model Number: SAMSUNGHD502IJ, Rev: 1AA01113

 

Size Device Name MBR Status

--------------------------------------------

186 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: EEC098E77D0529BD75F64F7B26552C1BA4417B73

186 GB \\.\PhysicalDrive2 Windows XP MBR code detected

SHA1: EEC098E77D0529BD75F64F7B26552C1BA4417B73

465 GB \\.\PhysicalDrive1 Windows 98 MBR code detected

SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E

 

 

Done!

Länk till kommentar
Dela på andra webbplatser

Hittade en annan tråd om rootkit, som nämnde TDSSKILLER, så här kommer den loggen också:

 

22:01:34.0171 0308 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48

22:01:34.0453 0308 ============================================================

22:01:34.0453 0308 Current date / time: 2011/10/23 22:01:34.0453

22:01:34.0453 0308 SystemInfo:

22:01:34.0453 0308

22:01:34.0453 0308 OS Version: 5.1.2600 ServicePack: 3.0

22:01:34.0453 0308 Product type: Workstation

22:01:34.0453 0308 ComputerName: Min dator

22:01:34.0453 0308 UserName: nnn

22:01:34.0453 0308 Windows directory: C:\WINDOWS

22:01:34.0453 0308 System windows directory: C:\WINDOWS

22:01:34.0453 0308 Processor architecture: Intel x86

22:01:34.0453 0308 Number of processors: 4

22:01:34.0453 0308 Page size: 0x1000

22:01:34.0453 0308 Boot type: Normal boot

22:01:34.0453 0308 ============================================================

22:01:35.0890 0308 Initialize success

22:01:43.0265 2088 ============================================================

22:01:43.0265 2088 Scan started

22:01:43.0265 2088 Mode: Manual;

22:01:43.0265 2088 ============================================================

22:01:44.0687 2088 Abiosdsk - ok

22:01:44.0718 2088 abp480n5 - ok

22:01:44.0765 2088 ACPI (48547e29772befe3c554ff5e4855bf51) C:\WINDOWS\system32\DRIVERS\ACPI.sys

22:01:44.0765 2088 ACPI - ok

22:01:44.0796 2088 ACPIEC (decedc736cef3c0fff6e981b31e73a61) C:\WINDOWS\system32\drivers\ACPIEC.sys

22:01:44.0796 2088 ACPIEC - ok

22:01:44.0843 2088 ADIHdAudAddService (f277c43c2e0672eed28cca0d13ce175f) C:\WINDOWS\system32\drivers\ADIHdAud.sys

22:01:44.0843 2088 ADIHdAudAddService - ok

22:01:44.0859 2088 adpu160m - ok

22:01:44.0890 2088 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys

22:01:44.0906 2088 AEAudio - ok

22:01:44.0937 2088 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

22:01:44.0953 2088 aec - ok

22:01:45.0000 2088 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

22:01:45.0000 2088 AFD - ok

22:01:45.0015 2088 Aha154x - ok

22:01:45.0031 2088 aic78u2 - ok

22:01:45.0031 2088 aic78xx - ok

22:01:45.0046 2088 AliIde - ok

22:01:45.0062 2088 amsint - ok

22:01:45.0078 2088 ANVIOCTL - ok

22:01:45.0125 2088 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

22:01:45.0125 2088 Arp1394 - ok

22:01:45.0140 2088 asc - ok

22:01:45.0156 2088 asc3350p - ok

22:01:45.0171 2088 asc3550 - ok

22:01:45.0203 2088 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys

22:01:45.0203 2088 AsIO - ok

22:01:45.0234 2088 aslm75 (71356a1370739e25375a1d17b6ae318f) C:\WINDOWS\system32\drivers\aslm75.sys

22:01:45.0234 2088 aslm75 - ok

22:01:45.0265 2088 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys

22:01:45.0265 2088 Aspi32 - ok

22:01:45.0296 2088 asuskbnt (96b3170a74d8bbae3c897ab9d4dbc885) C:\WINDOWS\system32\DRIVERS\asuskbnt.sys

22:01:45.0296 2088 asuskbnt - ok

22:01:45.0343 2088 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

22:01:45.0343 2088 AsyncMac - ok

22:01:45.0375 2088 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

22:01:45.0375 2088 atapi - ok

22:01:45.0390 2088 Atdisk - ok

22:01:45.0593 2088 ati2mtag (0a8b257db810be78ac9fd1860b4ba22b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

22:01:45.0625 2088 ati2mtag - ok

22:01:45.0671 2088 AtiHdmiService (1e82f05cff41316bcaa513909d99a004) C:\WINDOWS\system32\drivers\AtiHdmi.sys

22:01:45.0671 2088 AtiHdmiService - ok

22:01:45.0718 2088 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

22:01:45.0718 2088 Atmarpc - ok

22:01:45.0765 2088 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

22:01:45.0765 2088 audstub - ok

22:01:45.0796 2088 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

22:01:45.0796 2088 avgntflt - ok

22:01:45.0828 2088 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\WINDOWS\system32\DRIVERS\avipbb.sys

22:01:45.0828 2088 avipbb - ok

22:01:45.0843 2088 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys

22:01:45.0843 2088 avkmgr - ok

22:01:45.0875 2088 BC (8964a8f677a76a68609c67320dda6bc9) C:\WINDOWS\system32\Drivers\BC.sys

22:01:45.0890 2088 BC - ok

22:01:45.0921 2088 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

22:01:45.0921 2088 Beep - ok

22:01:45.0968 2088 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys

22:01:45.0968 2088 BthEnum - ok

22:01:45.0984 2088 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys

22:01:46.0000 2088 BthPan - ok

22:01:46.0046 2088 BTHPORT (5393b93cacf7f0f91ebacd014fe2b4c9) C:\WINDOWS\system32\Drivers\BTHport.sys

22:01:46.0046 2088 BTHPORT - ok

22:01:46.0078 2088 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys

22:01:46.0093 2088 BTHUSB - ok

22:01:46.0125 2088 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS

22:01:46.0125 2088 BVRPMPR5 - ok

22:01:46.0171 2088 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

22:01:46.0171 2088 cbidf2k - ok

22:01:46.0203 2088 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

22:01:46.0203 2088 CCDECODE - ok

22:01:46.0218 2088 cd20xrnt - ok

22:01:46.0250 2088 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

22:01:46.0250 2088 Cdaudio - ok

22:01:46.0296 2088 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

22:01:46.0296 2088 Cdfs - ok

22:01:46.0328 2088 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

22:01:46.0328 2088 Cdrom - ok

22:01:46.0343 2088 Changer - ok

22:01:46.0359 2088 CmdIde - ok

22:01:46.0421 2088 cmudax (d7fcada6833a0e243ca89c03bd559bd9) C:\WINDOWS\system32\drivers\cmudax.sys

22:01:46.0421 2088 cmudax - ok

22:01:46.0437 2088 Cpqarray - ok

22:01:46.0453 2088 dac2w2k - ok

22:01:46.0468 2088 dac960nt - ok

22:01:46.0484 2088 DCamUSBSTK02N - ok

22:01:46.0515 2088 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

22:01:46.0515 2088 Disk - ok

22:01:46.0562 2088 dmboot (80008bd0c19d97b0b3f4d1d9cbf190a8) C:\WINDOWS\system32\drivers\dmboot.sys

22:01:46.0562 2088 dmboot - ok

22:01:46.0593 2088 dmio (41862731f82be80f0cfba5d0da36b683) C:\WINDOWS\system32\drivers\dmio.sys

22:01:46.0593 2088 dmio - ok

22:01:46.0609 2088 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

22:01:46.0625 2088 dmload - ok

22:01:46.0640 2088 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

22:01:46.0656 2088 DMusic - ok

22:01:46.0671 2088 dpti2o - ok

22:01:46.0687 2088 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

22:01:46.0687 2088 drmkaud - ok

22:01:46.0703 2088 dtscsi - ok

22:01:46.0734 2088 dtsoftbus01 (c0c7ceccb6c85994c2bc92d58e52d3f2) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys

22:01:46.0734 2088 dtsoftbus01 - ok

22:01:46.0765 2088 EIO (4e60d89388edbb852112fd63779d4274) C:\WINDOWS\system32\drivers\EIO.sys

22:01:46.0765 2088 EIO - ok

22:01:46.0812 2088 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys

22:01:46.0812 2088 EL90XBC - ok

22:01:46.0859 2088 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys

22:01:46.0859 2088 ElbyCDFL - ok

22:01:46.0875 2088 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys

22:01:46.0875 2088 ElbyCDIO - ok

22:01:46.0921 2088 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys

22:01:46.0921 2088 epmntdrv - ok

22:01:46.0968 2088 EUBAKUP (eada995e71211537fb3726c700af6fac) C:\WINDOWS\system32\drivers\eubakup.sys

22:01:46.0968 2088 EUBAKUP - ok

22:01:46.0984 2088 EuDisk (37aba51f85518fc381cefc8d76f2e2c4) C:\WINDOWS\system32\DRIVERS\EuDisk.sys

22:01:46.0984 2088 EuDisk - ok

22:01:47.0015 2088 EUDSKACS (cb41e20ce4a32584ea592f07f5da12c5) C:\WINDOWS\system32\drivers\eudskacs.sys

22:01:47.0015 2088 EUDSKACS - ok

22:01:47.0031 2088 EUFS (a08e9e711cd7661d7c3f19ee638102c2) C:\WINDOWS\system32\drivers\eufs.sys

22:01:47.0031 2088 EUFS - ok

22:01:47.0078 2088 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys

22:01:47.0078 2088 EuGdiDrv - ok

22:01:47.0125 2088 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

22:01:47.0125 2088 Fastfat - ok

22:01:47.0140 2088 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

22:01:47.0156 2088 Fdc - ok

22:01:47.0156 2088 FileDisk - ok

22:01:47.0187 2088 Fips (b66ddb75642f6722468707840c67a394) C:\WINDOWS\system32\drivers\Fips.sys

22:01:47.0187 2088 Fips - ok

22:01:47.0203 2088 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

22:01:47.0203 2088 Flpydisk - ok

22:01:47.0250 2088 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

22:01:47.0250 2088 FltMgr - ok

22:01:47.0281 2088 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

22:01:47.0281 2088 Fs_Rec - ok

22:01:47.0296 2088 Ftdisk (45fc410cfe68ff036ad232a141e69c19) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

22:01:47.0312 2088 Ftdisk - ok

22:01:47.0343 2088 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

22:01:47.0343 2088 gameenum - ok

22:01:47.0390 2088 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

22:01:47.0390 2088 Gpc - ok

22:01:47.0421 2088 HdAudAddService (160b24fd894e79e71c983ea403a6e6e7) C:\WINDOWS\system32\drivers\HdAudio.sys

22:01:47.0421 2088 HdAudAddService - ok

22:01:47.0468 2088 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

22:01:47.0468 2088 HDAudBus - ok

22:01:47.0515 2088 hidgame (923ee4eef2582909a056904ca8026015) C:\WINDOWS\system32\DRIVERS\hidgame.sys

22:01:47.0515 2088 hidgame - ok

22:01:47.0562 2088 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

22:01:47.0562 2088 hidusb - ok

22:01:47.0578 2088 hpn - ok

22:01:47.0593 2088 hpt3xx - ok

22:01:47.0625 2088 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

22:01:47.0640 2088 HTTP - ok

22:01:47.0656 2088 i2omgmt - ok

22:01:47.0656 2088 i2omp - ok

22:01:47.0687 2088 i8042prt (82e56cd09b2ce1edec3fba9111c7ee3a) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

22:01:47.0687 2088 i8042prt - ok

22:01:47.0718 2088 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

22:01:47.0718 2088 Imapi - ok

22:01:47.0734 2088 ini910u - ok

22:01:47.0750 2088 IntelIde - ok

22:01:47.0781 2088 intelppm (02431778e84a525d29929d14bab71d53) C:\WINDOWS\system32\DRIVERS\intelppm.sys

22:01:47.0781 2088 intelppm - ok

22:01:47.0812 2088 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

22:01:47.0812 2088 ip6fw - ok

22:01:47.0843 2088 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

22:01:47.0843 2088 IpFilterDriver - ok

22:01:47.0890 2088 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

22:01:47.0890 2088 IpInIp - ok

22:01:47.0921 2088 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

22:01:47.0921 2088 IpNat - ok

22:01:47.0953 2088 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

22:01:47.0953 2088 IPSec - ok

22:01:47.0968 2088 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

22:01:47.0968 2088 IRENUM - ok

22:01:48.0000 2088 isapnp (48f97c77daf8811598cfae21368eacb6) C:\WINDOWS\system32\DRIVERS\isapnp.sys

22:01:48.0000 2088 isapnp - ok

22:01:48.0031 2088 iteraid (e68cea138a2d6836b416baa06b843338) C:\WINDOWS\system32\DRIVERS\iteraid.sys

22:01:48.0031 2088 iteraid - ok

22:01:48.0078 2088 Kbdclass (d655ca94c8e2e0223c1bc28bcd95723a) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

22:01:48.0078 2088 Kbdclass - ok

22:01:48.0125 2088 kbdhid (e1e28876fe7602b0a1d040354de35c06) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

22:01:48.0125 2088 kbdhid - ok

22:01:48.0156 2088 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

22:01:48.0156 2088 kmixer - ok

22:01:48.0265 2088 kmodurl (ad1f3561b7325cf6b8287b9182b1fe47) C:\Program\Kingsoft\PcDoctor\kmodurl.sys

22:01:48.0265 2088 kmodurl - ok

22:01:48.0281 2088 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

22:01:48.0296 2088 KSecDD - ok

22:01:48.0312 2088 Lbd - ok

22:01:48.0328 2088 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys

22:01:48.0328 2088 LBeepKE - ok

22:01:48.0343 2088 lbrtfdc - ok

22:01:48.0406 2088 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys

22:01:48.0406 2088 LHidFilt - ok

22:01:48.0437 2088 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys

22:01:48.0437 2088 LMouFilt - ok

22:01:48.0468 2088 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

22:01:48.0468 2088 mnmdd - ok

22:01:48.0515 2088 Modem (42ce19726d9c410dff75d3ff1cc79db2) C:\WINDOWS\system32\drivers\Modem.sys

22:01:48.0515 2088 Modem - ok

22:01:48.0562 2088 Mouclass (e0c4c36573bcf0c0d2a1578caa791f7d) C:\WINDOWS\system32\DRIVERS\mouclass.sys

22:01:48.0562 2088 Mouclass - ok

22:01:48.0593 2088 mouhid (98e474ecf11f1db62fb072157a95ea83) C:\WINDOWS\system32\DRIVERS\mouhid.sys

22:01:48.0609 2088 mouhid - ok

22:01:48.0640 2088 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

22:01:48.0640 2088 MountMgr - ok

22:01:48.0656 2088 mraid35x - ok

22:01:48.0687 2088 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

22:01:48.0703 2088 MRxDAV - ok

22:01:48.0750 2088 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

22:01:48.0750 2088 MRxSmb - ok

22:01:48.0765 2088 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

22:01:48.0781 2088 Msfs - ok

22:01:48.0812 2088 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

22:01:48.0828 2088 MSKSSRV - ok

22:01:48.0875 2088 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

22:01:48.0875 2088 MSPCLOCK - ok

22:01:48.0906 2088 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

22:01:48.0906 2088 MSPQM - ok

22:01:48.0953 2088 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

22:01:48.0953 2088 mssmbios - ok

22:01:48.0984 2088 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

22:01:48.0984 2088 MSTEE - ok

22:01:49.0031 2088 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

22:01:49.0031 2088 MTsensor - ok

22:01:49.0078 2088 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

22:01:49.0078 2088 Mup - ok

22:01:49.0109 2088 mv61xx (e6f48050af7548e4bf775f0d83873794) C:\WINDOWS\system32\DRIVERS\mv61xx.sys

22:01:49.0109 2088 mv61xx - ok

22:01:49.0156 2088 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

22:01:49.0156 2088 NABTSFEC - ok

22:01:49.0203 2088 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

22:01:49.0203 2088 NDIS - ok

22:01:49.0234 2088 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

22:01:49.0234 2088 NdisIP - ok

22:01:49.0265 2088 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

22:01:49.0265 2088 NdisTapi - ok

22:01:49.0296 2088 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

22:01:49.0296 2088 Ndisuio - ok

22:01:49.0312 2088 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

22:01:49.0312 2088 NdisWan - ok

22:01:49.0359 2088 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

22:01:49.0359 2088 NDProxy - ok

22:01:49.0390 2088 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

22:01:49.0390 2088 NetBIOS - ok

22:01:49.0421 2088 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

22:01:49.0421 2088 NetBT - ok

22:01:49.0453 2088 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

22:01:49.0453 2088 NIC1394 - ok

22:01:49.0468 2088 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys

22:01:49.0468 2088 nm - ok

22:01:49.0484 2088 nmwcd - ok

22:01:49.0500 2088 nmwcdc - ok

22:01:49.0515 2088 nmwcdnsu - ok

22:01:49.0531 2088 nmwcdnsuc - ok

22:01:49.0546 2088 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

22:01:49.0546 2088 Npfs - ok

22:01:49.0609 2088 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

22:01:49.0609 2088 Ntfs - ok

22:01:49.0640 2088 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

22:01:49.0640 2088 Null - ok

22:01:49.0671 2088 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

22:01:49.0671 2088 NwlnkFlt - ok

22:01:49.0703 2088 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

22:01:49.0703 2088 NwlnkFwd - ok

22:01:49.0734 2088 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

22:01:49.0734 2088 NwlnkIpx - ok

22:01:49.0765 2088 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

22:01:49.0765 2088 NwlnkNb - ok

22:01:49.0796 2088 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

22:01:49.0796 2088 NwlnkSpx - ok

22:01:49.0843 2088 OADevice (57b641cd45e3dbd784aba7174724f4e0) C:\WINDOWS\system32\drivers\OADriver.sys

22:01:49.0843 2088 OADevice - ok

22:01:49.0875 2088 OAmon (f21b332dab65c9601267d8fc8c04899b) C:\WINDOWS\system32\drivers\OAmon.sys

22:01:49.0875 2088 OAmon - ok

22:01:49.0906 2088 OAnet (5577a7f637f02621cb643f0f470872fc) C:\WINDOWS\system32\drivers\OAnet.sys

22:01:49.0921 2088 OAnet - ok

22:01:49.0968 2088 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

22:01:49.0968 2088 ohci1394 - ok

22:01:49.0984 2088 Parport (19e28ed86e7244d76fda792c2810188e) C:\WINDOWS\system32\DRIVERS\parport.sys

22:01:49.0984 2088 Parport - ok

22:01:50.0015 2088 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

22:01:50.0015 2088 PartMgr - ok

22:01:50.0031 2088 ParVdm (5cf71e14a108c492c1fb07543d579af5) C:\WINDOWS\system32\drivers\ParVdm.sys

22:01:50.0046 2088 ParVdm - ok

22:01:50.0078 2088 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

22:01:50.0078 2088 pccsmcfd - ok

22:01:50.0125 2088 PCI (8a185f0112cf5b42ff1aaff31b8b3091) C:\WINDOWS\system32\DRIVERS\pci.sys

22:01:50.0125 2088 PCI - ok

22:01:50.0125 2088 PCIDump - ok

22:01:50.0171 2088 PCIIde (239de4275ee40fdf9912761467025244) C:\WINDOWS\system32\DRIVERS\pciide.sys

22:01:50.0171 2088 PCIIde - ok

22:01:50.0218 2088 Pcmcia (904053aa6e251c77cf85371ce644cfd7) C:\WINDOWS\system32\drivers\Pcmcia.sys

22:01:50.0218 2088 Pcmcia - ok

22:01:50.0234 2088 PDCOMP - ok

22:01:50.0250 2088 PDFRAME - ok

22:01:50.0250 2088 PDRELI - ok

22:01:50.0265 2088 PDRFRAME - ok

22:01:50.0281 2088 perc2 - ok

22:01:50.0296 2088 perc2hib - ok

22:01:50.0359 2088 PLCNDIS5 (9fa04a9accc08030d87168b5559a4869) C:\WINDOWS\system32\PLCNDIS5.SYS

22:01:50.0359 2088 PLCNDIS5 - ok

22:01:50.0390 2088 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

22:01:50.0406 2088 PptpMiniport - ok

22:01:50.0421 2088 Processor (992e4b2a91e6a2f3d21de89b9273353a) C:\WINDOWS\system32\DRIVERS\processr.sys

22:01:50.0421 2088 Processor - ok

22:01:50.0437 2088 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

22:01:50.0453 2088 Ptilink - ok

22:01:50.0484 2088 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

22:01:50.0484 2088 PxHelp20 - ok

22:01:50.0500 2088 ql1080 - ok

22:01:50.0515 2088 Ql10wnt - ok

22:01:50.0531 2088 ql12160 - ok

22:01:50.0546 2088 ql1240 - ok

22:01:50.0562 2088 ql1280 - ok

22:01:50.0578 2088 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

22:01:50.0578 2088 RasAcd - ok

22:01:50.0625 2088 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

22:01:50.0625 2088 Rasl2tp - ok

22:01:50.0656 2088 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

22:01:50.0656 2088 RasPppoe - ok

22:01:50.0671 2088 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

22:01:50.0671 2088 Raspti - ok

22:01:50.0703 2088 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

22:01:50.0703 2088 Rdbss - ok

22:01:50.0734 2088 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

22:01:50.0734 2088 RDPCDD - ok

22:01:50.0765 2088 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

22:01:50.0765 2088 rdpdr - ok

22:01:50.0828 2088 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

22:01:50.0828 2088 RDPWD - ok

22:01:50.0843 2088 redbook (97130d37842819fa39fd5f1e90a5d676) C:\WINDOWS\system32\DRIVERS\redbook.sys

22:01:50.0843 2088 redbook - ok

22:01:50.0890 2088 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys

22:01:50.0890 2088 RFCOMM - ok

22:01:50.0953 2088 RT73 (4ef3f74439aa644bcd8ddc0ed88a5d01) C:\WINDOWS\system32\DRIVERS\Dr71WU.sys

22:01:50.0968 2088 RT73 - ok

22:01:51.0015 2088 SASDIFSV (39763504067962108505bff25f024345) C:\Program\SUPERAntiSpyware\SASDIFSV.SYS

22:01:51.0015 2088 SASDIFSV - ok

22:01:51.0046 2088 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program\SUPERAntiSpyware\SASENUM.SYS

22:01:51.0046 2088 SASENUM - ok

22:01:51.0062 2088 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program\SUPERAntiSpyware\SASKUTIL.sys

22:01:51.0062 2088 SASKUTIL - ok

22:01:51.0125 2088 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

22:01:51.0125 2088 Secdrv - ok

22:01:51.0171 2088 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys

22:01:51.0187 2088 SenFiltService - ok

22:01:51.0234 2088 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

22:01:51.0234 2088 serenum - ok

22:01:51.0250 2088 Serial (f7d35464062edc08909e568bcd8ae77d) C:\WINDOWS\system32\DRIVERS\serial.sys

22:01:51.0250 2088 Serial - ok

22:01:51.0281 2088 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

22:01:51.0281 2088 Sfloppy - ok

22:01:51.0343 2088 Si3114r5 (09889d435edc82435b18c7c311fe5721) C:\WINDOWS\system32\DRIVERS\Si3114r5.sys

22:01:51.0343 2088 Si3114r5 - ok

22:01:51.0375 2088 SiFilter (46b92189fe4db53a09e3a0099aa3084c) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys

22:01:51.0375 2088 SiFilter - ok

22:01:51.0390 2088 Simbad - ok

22:01:51.0421 2088 SiRemFil (b688378d258d1ecce4768cdb55d48d92) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys

22:01:51.0421 2088 SiRemFil - ok

22:01:51.0453 2088 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

22:01:51.0453 2088 SLIP - ok

22:01:51.0468 2088 Sparrow - ok

22:01:51.0515 2088 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

22:01:51.0515 2088 splitter - ok

22:01:51.0718 2088 sptd (8ea0fd60a5b047e0c734d51aace531c9) C:\WINDOWS\System32\Drivers\sptd.sys

22:01:51.0718 2088 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9

22:01:51.0718 2088 sptd ( LockedFile.Multi.Generic ) - warning

22:01:51.0718 2088 sptd - detected LockedFile.Multi.Generic (1)

22:01:51.0765 2088 SQTECH900A (b31bfae7ff74c4cb956d3599cb546bef) C:\WINDOWS\system32\Drivers\Capt900A.sys

22:01:51.0765 2088 SQTECH900A - ok

22:01:51.0796 2088 sr (1193ef00869f6367367e6e7cb96be325) C:\WINDOWS\system32\DRIVERS\sr.sys

22:01:51.0796 2088 sr - ok

22:01:51.0843 2088 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

22:01:51.0843 2088 Srv - ok

22:01:51.0875 2088 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

22:01:51.0875 2088 ssmdrv - ok

22:01:51.0921 2088 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys

22:01:51.0921 2088 StarOpen - ok

22:01:51.0953 2088 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

22:01:51.0953 2088 streamip - ok

22:01:52.0000 2088 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

22:01:52.0000 2088 swenum - ok

22:01:52.0031 2088 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

22:01:52.0031 2088 swmidi - ok

22:01:52.0046 2088 symc810 - ok

22:01:52.0062 2088 symc8xx - ok

22:01:52.0078 2088 sym_hi - ok

22:01:52.0093 2088 sym_u3 - ok

22:01:52.0109 2088 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

22:01:52.0109 2088 sysaudio - ok

22:01:52.0171 2088 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

22:01:52.0171 2088 Tcpip - ok

22:01:52.0234 2088 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

22:01:52.0234 2088 TDPIPE - ok

22:01:52.0250 2088 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

22:01:52.0250 2088 TDTCP - ok

22:01:52.0281 2088 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

22:01:52.0281 2088 TermDD - ok

22:01:52.0312 2088 tmcomm (4dc436421c9d745d7e8c37f956701c78) C:\WINDOWS\system32\drivers\tmcomm.sys

22:01:52.0312 2088 tmcomm - ok

22:01:52.0328 2088 TosIde - ok

22:01:52.0343 2088 tosporte - ok

22:01:52.0359 2088 tosrfbd - ok

22:01:52.0375 2088 tosrfbnp - ok

22:01:52.0390 2088 Tosrfcom - ok

22:01:52.0390 2088 Tosrfhid - ok

22:01:52.0406 2088 tosrfnds - ok

22:01:52.0421 2088 TosRfSnd - ok

22:01:52.0437 2088 Tosrfusb - ok

22:01:52.0468 2088 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

22:01:52.0468 2088 Udfs - ok

22:01:52.0484 2088 ultra - ok

22:01:52.0546 2088 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

22:01:52.0546 2088 Update - ok

22:01:52.0562 2088 upperdev - ok

22:01:52.0593 2088 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

22:01:52.0609 2088 usbaudio - ok

22:01:52.0625 2088 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

22:01:52.0625 2088 usbccgp - ok

22:01:52.0656 2088 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

22:01:52.0656 2088 usbehci - ok

22:01:52.0687 2088 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

22:01:52.0687 2088 usbhub - ok

22:01:52.0734 2088 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

22:01:52.0734 2088 usbscan - ok

22:01:52.0765 2088 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys

22:01:52.0765 2088 usbser - ok

22:01:52.0781 2088 UsbserFilt - ok

22:01:52.0828 2088 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

22:01:52.0828 2088 USBSTOR - ok

22:01:52.0859 2088 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

22:01:52.0859 2088 usbuhci - ok

22:01:52.0906 2088 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\WINDOWS\system32\DRIVERS\VClone.sys

22:01:52.0906 2088 VClone - ok

22:01:52.0937 2088 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

22:01:52.0937 2088 VgaSave - ok

22:01:52.0953 2088 ViaIde - ok

22:01:53.0015 2088 vmm (817da66b1b889fad1dbf669e0e2f3228) C:\WINDOWS\system32\Drivers\vmm.sys

22:01:53.0015 2088 vmm - ok

22:01:53.0031 2088 VMnetAdapter - ok

22:01:53.0062 2088 VolSnap (57187ec04878147e1f4f2d9224b12205) C:\WINDOWS\system32\drivers\VolSnap.sys

22:01:53.0078 2088 VolSnap - ok

22:01:53.0109 2088 VPCNetS2 (2abe8281db609d8bb1bd1b2f93800d5f) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys

22:01:53.0109 2088 VPCNetS2 - ok

22:01:53.0171 2088 VX1000 (f4fab0b9d43a65f79fc838c94006f643) C:\WINDOWS\system32\DRIVERS\VX1000.sys

22:01:53.0187 2088 VX1000 - ok

22:01:53.0218 2088 W8100XP (f47660ee2cc6161540106b6bfa207f35) C:\WINDOWS\system32\DRIVERS\mrv8ka51.sys

22:01:53.0218 2088 W8100XP - ok

22:01:53.0234 2088 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

22:01:53.0234 2088 Wanarp - ok

22:01:53.0281 2088 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

22:01:53.0296 2088 Wdf01000 - ok

22:01:53.0312 2088 WDICA - ok

22:01:53.0328 2088 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

22:01:53.0328 2088 wdmaud - ok

22:01:53.0406 2088 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

22:01:53.0406 2088 WSTCODEC - ok

22:01:53.0437 2088 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

22:01:53.0437 2088 WudfPf - ok

22:01:53.0468 2088 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

22:01:53.0468 2088 WudfRd - ok

22:01:53.0515 2088 yukonwxp (4322c32ced8c4772e039616dcbf01d3f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys

22:01:53.0515 2088 yukonwxp - ok

22:01:53.0546 2088 MBR (0x1B8) (c8919ae61419c5625f9ef0aef12523a8) \Device\Harddisk0\DR0

22:01:53.0687 2088 \Device\Harddisk0\DR0 - ok

22:01:53.0687 2088 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1

22:01:53.0687 2088 \Device\Harddisk1\DR1 - ok

22:01:53.0687 2088 MBR (0x1B8) (c8919ae61419c5625f9ef0aef12523a8) \Device\Harddisk2\DR2

22:01:53.0687 2088 \Device\Harddisk2\DR2 - ok

22:01:53.0703 2088 Boot (0x1200) (1496ae1fc5809e591d885ab79dea2f19) \Device\Harddisk0\DR0\Partition0

22:01:53.0703 2088 \Device\Harddisk0\DR0\Partition0 - ok

22:01:53.0718 2088 Boot (0x1200) (caaf2a0492130772927d54939ab424e1) \Device\Harddisk0\DR0\Partition1

22:01:53.0718 2088 \Device\Harddisk0\DR0\Partition1 - ok

22:01:53.0718 2088 Boot (0x1200) (fe2142c014a827adcade0937178ed8ea) \Device\Harddisk1\DR1\Partition0

22:01:53.0718 2088 \Device\Harddisk1\DR1\Partition0 - ok

22:01:53.0718 2088 Boot (0x1200) (3c5a095098a90466aefabc8578528ed3) \Device\Harddisk2\DR2\Partition0

22:01:53.0734 2088 \Device\Harddisk2\DR2\Partition0 - ok

22:01:53.0734 2088 ============================================================

22:01:53.0734 2088 Scan finished

22:01:53.0734 2088 ============================================================

22:01:53.0734 3632 Detected object count: 1

22:01:53.0734 3632 Actual detected object count: 1

22:02:01.0781 3632 sptd ( LockedFile.Multi.Generic ) - skipped by user

22:02:01.0781 3632 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Länk till kommentar
Dela på andra webbplatser

Hej,

något av en kvällsläsning! :D

Dina loggar ser bra ut.

 

Vi återgår till detta:

"kan du ladda upp följande fil på Virus Total:

C:\ngen.exe

Virustotal hittar du här: http://www.virustotal.com/index.html

Välj fliken Upload a file, tryck på bläddrakanppen, hitta filen och tryck Send File.

 

Återkom med färdiganalyserat svar, kopiera in svarslänken från Virus Total här i din tråd."

 

Mvh

Mats H

Länk till kommentar
Dela på andra webbplatser

Kanske är jag dum nu, men var ser man om filen har tagits emot? När får man svar? Hur presenteras svaret? När jag klickar på Send file så ploppar en blå ruta upp som talar om att filen skickas, sedan återkommer man till Upload a file och ingenting indikerar att filen är mottagen, analyseras eller någonting. Sidan fungerar dessutom inte alls i Firefox eller Chrome. Jag provade detta tidigare idag när jag inte hade några andra idéer och det fungerade (eller inte) på samma sätt då som nu.

Länk till kommentar
Dela på andra webbplatser

Hej,

det borde se ut som följer, se bilder.

Direkt efter du sänt filen skall fönstret växla till ett med på gående analys, som sedan avslutas med färdigt, den länken är vi ute efter.

Du får inga nya flikar utan allt ska ske i samma flik.

Mvh

Mats

 

post-71618-0-28094500-1319405804_thumb.jpg

 

post-71618-0-22050000-1319405844_thumb.jpg

Länk till kommentar
Dela på andra webbplatser

Något av alla dina säkerhetsprogram som antingen stoppar javascript i största allmänhet eller sådana som används från en annan webbplats kanske.

Länk till kommentar
Dela på andra webbplatser

Nä, jag tror inte att något av säkerhetsprogrammen är igång just nu faktiskt. Jag har verkligen jobbat på att slå ihjäl dem :) Jag laddade ner deras stand-alone och körde den och fick upp någon sorts resultat som liknar bilderna. Här, ta en titt:

 

 

Antivirus Version Last update Result

 

AhnLab-V3 2011.10.22.00 2011.10.22 -

 

AntiVir 7.11.16.106 2011.10.21 -

 

Antiy-AVL 2.0.3.7 2011.10.22 -

 

Avast 6.0.1289.0 2011.10.22 -

 

AVG 10.0.0.1190 2011.10.22 -

 

BitDefender 7.2 2011.10.23 -

 

CAT-QuickHeal 11.00 2011.10.21 -

 

ClamAV 0.97.0.0 2011.10.22 -

 

Commtouch 5.3.2.6 2011.10.23 -

 

Comodo 10532 2011.10.23 -

 

DrWeb 5.0.2.03300 2011.10.23 -

 

Emsisoft 5.1.0.11 2011.10.23 -

 

eSafe 7.0.17.0 2011.10.17 -

 

eTrust-Vet 36.1.8633 2011.10.21 -

 

F-Prot 4.6.5.141 2011.10.23 -

 

F-Secure 9.0.16440.0 2011.10.22 -

 

Fortinet 4.3.370.0 2011.10.22 -

 

GData 22 2011.10.23 -

 

Ikarus T3.1.1.107.0 2011.10.22 -

 

Jiangmin 13.0.900 2011.10.22 -

 

K7AntiVirus 9.116.5326 2011.10.22 -

 

Kaspersky 9.0.0.837 2011.10.22 -

 

McAfee 5.400.0.1158 2011.10.23 -

 

McAfee-GW-Edition 2010.1D 2011.10.22 -

 

Microsoft 1.7801 2011.10.22 -

 

NOD32 6566 2011.10.23 -

 

nProtect 2011-10-22.01 2011.10.22 -

 

Panda 10.0.3.5 2011.10.22 -

 

PCTools 8.0.0.5 2011.10.23 -

 

Prevx 3.0 2011.10.23 -

 

Rising 23.80.04.02 2011.10.21 -

 

Sophos 4.70.0 2011.10.23 -

 

SUPERAntiSpyware 4.40.0.1006 2011.10.22 -

 

Symantec 20111.2.0.82 2011.10.22 -

 

TheHacker 6.7.0.1.327 2011.10.19 -

 

TrendMicro 9.500.0.1008 2011.10.22 -

 

TrendMicro-HouseCall 9.500.0.1008 2011.10.23 -

 

VBA32 3.12.16.4 2011.10.21 -

 

VIPRE 10845 2011.10.23 -

 

ViRobot 2011.10.22.4733 2011.10.22 -

 

VirusBuster 14.1.25.0 2011.10.22 -

 

MD5: d41d8cd98f00b204e9800998ecf8427e

 

SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

 

SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

 

File size: 0 bytes

 

Scan date: 2011-10-23 01:14:59 (UTC)

 

 

Men jag blev lite fundersam för i slutet på det jag tror är min rapport dök gamla kommentarer upp. Se bifogad fil.

post-61510-0-91237400-1319406327_thumb.jpg

Länk till kommentar
Dela på andra webbplatser

Hej,

ja ser onekligen lite skumt ut, om du jmfr, med mina skärmklipp, så är ditt resultat ett tidigare kanske?

Olika uppdateringshistorik på AV't.

Men skulle ju kunna bero på att du laddat hem deras program!

Mvh

Mats H

Länk till kommentar
Dela på andra webbplatser

Hej,

dags igen för detta!

Klistra in loggen/resultatet från programmet DDS. Spara DDS på Skrivbordet.

http://download.blee...om/sUBs/dds.scr

Starta programmet genom att dubbelklicka på det.

Tryck Yes/Ja om frågan om Optional Scan dyker upp.

I ditt svar klistrar du in loggen DSS.txt. Medan du bifogar Attach.txt som en fil.

 

DDS är ett program som listar processer som kör, program och tjänster som startas automatiskt samt filer i sådana mappar som är vanliga att skadliga program och som är nya eller ändrade under senaste 1-3 månader. DDS är ett mycket vanligt program bland oss som hjälper till att rensa datorer. Resultatet ger oss en grundläggande kunskap om vad som händer och har hänt nyligen i datorn, och från det kan vi dra slutsatser om vad som är nästa lämpliga steg i rensningen av datorn.

 

Obs! När du klistrar in en logg eller ett resultat i ditt inlägg använd inga knappar eller taggar utan kopiera det i programmet (oftast Anteckningar) och klistra in det direkt i rutan du skriver i.

Mvh

Mats H

Länk till kommentar
Dela på andra webbplatser

Ja, nä alltså jag tror att det är något lurt. Det kvittar vilken webbläsare jag använder Firefox 6, Chrome eller M$IE 8 så ser jag den blåa rutan om att nu laddas filen upp och sedan är jag tillbaka vid "Hej här kan du ladda upp en fil". Men nu när jag tittar på ngen.exe ser jag att den har storleken 0kB. Kan det vara en ledtråd till mitt problem? Är den falsk eller uppstår ett fildelningsfel? Hur som helst här är resultatet av ntdetect.com som jag provade att testa bara för att få något resultat:

 

 

File name:

NTDETECT.COM

Submission date:

2011-10-23 22:05:23 (UTC)

Current status:

finished

Result:

0/ 43 (0.0%)

 

Print results

Antivirus Version Last Update Result

AhnLab-V3 2011.10.23.00 2011.10.23 -

AntiVir 7.11.16.107 2011.10.23 -

Antiy-AVL 2.0.3.7 2011.10.23 -

Avast 6.0.1289.0 2011.10.23 -

AVG 10.0.0.1190 2011.10.23 -

BitDefender 7.2 2011.10.24 -

ByteHero 1.0.0.1 2011.09.23 -

CAT-QuickHeal 11.00 2011.10.23 -

ClamAV 0.97.0.0 2011.10.23 -

Commtouch 5.3.2.6 2011.10.23 -

Comodo 10542 2011.10.23 -

DrWeb 5.0.2.03300 2011.10.23 -

Emsisoft 5.1.0.11 2011.10.23 -

eSafe 7.0.17.0 2011.10.17 -

eTrust-Vet 36.1.8633 2011.10.21 -

F-Prot 4.6.5.141 2011.10.23 -

F-Secure 9.0.16440.0 2011.10.23 -

Fortinet 4.3.370.0 2011.10.23 -

GData 22 2011.10.23 -

Ikarus T3.1.1.107.0 2011.10.23 -

Jiangmin 13.0.900 2011.10.23 -

K7AntiVirus 9.116.5326 2011.10.22 -

Kaspersky 9.0.0.837 2011.10.23 -

McAfee 5.400.0.1158 2011.10.24 -

McAfee-GW-Edition 2010.1D 2011.10.23 -

Microsoft 1.7801 2011.10.23 -

NOD32 6568 2011.10.23 -

Norman 6.07.13 2011.10.23 -

nProtect 2011-10-23.01 2011.10.23 -

Panda 10.0.3.5 2011.10.23 -

PCTools 8.0.0.5 2011.10.23 -

Prevx 3.0 2011.10.24 -

Rising 23.80.04.02 2011.10.21 -

Sophos 4.70.0 2011.10.23 -

SUPERAntiSpyware 4.40.0.1006 2011.10.22 -

Symantec 20111.2.0.82 2011.10.23 -

TheHacker 6.7.0.1.329 2011.10.23 -

TrendMicro 9.500.0.1008 2011.10.23 -

TrendMicro-HouseCall 9.500.0.1008 2011.10.23 -

VBA32 3.12.16.4 2011.10.21 -

VIPRE 10854 2011.10.23 -

ViRobot 2011.10.22.4733 2011.10.23 -

VirusBuster 14.1.26.0 2011.10.23 -

Additional information

MD5 : b2de3452de03674c6cec68b8c8ce7c78

SHA1 : 6caaff4d8a162bb1080036ce1a6d023aecda36c3

SHA256: 8f7186a71684dd114e89cc908ed9400192bc3a47fb288cce4c5c27d0f5d3afa4

Länk till kommentar
Dela på andra webbplatser

Hej,

korrekt bedömning av ngen.exe, den innehåller inget av fara, inget alls mitt misstag!

Men kan du köra en ny DDS?

Mvh

Mats H

Länk till kommentar
Dela på andra webbplatser

Ja, vi gick om varandra men jag såg det. Här kommer dds resultaten. dds.txt i meddelandet och attach.txt zippad och bifogad. Men sedan är det dags för mig att sova.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by nnn at 0:21:28 on 2011-10-24

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1190 [GMT 2:00]

.

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Online Armor Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program\Tall Emu\Online Armor\oacat.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program\Tall Emu\Online Armor\oasrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Avira\AntiVir Desktop\sched.exe

C:\Program\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program\TomTom HOME 2\TomTomHOMEService.exe

C:\Program\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program Files\ASUS\Six Engine\SixEngine.exe

C:\Program\Tall Emu\Online Armor\oaui.exe

svchost.exe

C:\Program\Avira\AntiVir Desktop\avgnt.exe

C:\Program\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program\DAEMON Tools Lite\DTLite.exe

C:\Program\Tall Emu\Online Armor\OAhlp.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.se/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot\SDHelper.dll

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [TomTomHOME.exe] "c:\program\tomtom home 2\TomTomHOMERunner.exe" -s

uRun: [DAEMON Tools Lite] "c:\program\daemon tools lite\DTLite.exe" -autorun

mRun: [soundMAXPnP] c:\program\analog devices\core\smax4pnp.exe

mRun: [six Engine] "c:\program files\asus\six engine\SixEngine.exe" -r

mRun: [@OnlineArmor GUI] "c:\program\tall emu\online armor\oaui.exe"

mRun: [avgnt] "c:\program\avira\antivir desktop\avgnt.exe" /min

mRun: [startCCC] "c:\program\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

IE: Translate this web page with Babylon - c:\program\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm

IE: Translate with Babylon - c:\program\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program\spybot\SDHelper.dll

DPF: {01113300-3E00-11D2-8470-0060089874ED}

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}

TCP: DhcpNameServer = 193.150.193.150 83.255.245.11

TCP: Interfaces\{FD8D7F2F-B5AB-42CE-BAC6-67F9EE6E7CD2} : DhcpNameServer = 193.150.193.150 83.255.245.11

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LBTWlgn - c:\program\delade filer\logishrd\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program\superantispyware\SASSEH.DLL

SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\program\tallem~1\online~1\oaevent.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\nnn\application data\mozilla\firefox\profiles\5nb7d7so.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/

FF - prefs.js: network.proxy.type - 1

FF - plugin: c:\documents and settings\nnn\lokala instã¤llningar\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program\mozilla firefox\plugins\NPinfotl.dll

FF - plugin: c:\program\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program\personal\bin\np_prsnl.dll

FF - plugin: c:\program\utils\real alternative\browser\plugins\nppl3260.dll

FF - plugin: c:\program\utils\real alternative\browser\plugins\nprpjplug.dll

.

============= SERVICES / DRIVERS ===============

.

R0 BC;BC;c:\windows\system32\drivers\BC.sys [2011-10-16 24984]

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2010-9-30 26248]

R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2010-9-30 20616]

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2006-9-4 24941]

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2009-5-31 150568]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-19 36000]

R1 kmodurl;kmodurl;c:\program\kingsoft\pcdoctor\kmodurl.sys [2011-9-6 110496]

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-3-10 223312]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-3-10 24656]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2009-3-10 29776]

R1 SASDIFSV;SASDIFSV;c:\program\superantispyware\SASDIFSV.SYS [2006-10-10 12880]

R1 SASKUTIL;SASKUTIL;c:\program\superantispyware\SASKUTIL.SYS [2007-2-27 67664]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program\avira\antivir desktop\sched.exe [2011-10-19 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program\avira\antivir desktop\avguard.exe [2011-10-19 110032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-19 74640]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-11-7 10384]

R2 OAcat;Online Armor Helper Service;c:\program\tall emu\online armor\oacat.exe [2009-3-10 1282248]

R2 SvcOnlineArmor;Online Armor;c:\program\tall emu\online armor\oasrv.exe [2009-3-10 3291336]

R2 TomTomHOMEService;TomTomHOMEService;c:\program\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-8-28 232512]

R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2010-9-30 122504]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S3 !SASCORE;SAS Core Service;c:\program\superantispyware\SASCORE.EXE [2010-10-14 116608]

S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5.SYS [2009-12-1 49904]

S3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2006-9-4 1287296]

S3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\drivers\stk02nw2.sys --> c:\windows\system32\drivers\STK02NW2.sys [?]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-11-16 13192]

S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2010-9-30 14216]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-11-16 8456]

S3 KSafeSvc;KSafe service;c:\program\kingsoft\pcdoctor\KSafeSvc.exe [2011-9-7 429984]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program\microsoft fix it center\Matsvc.exe [2011-6-13 267568]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]

S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [2002-9-9 17018]

S3 SASENUM;SASENUM;c:\program\superantispyware\SASENUM.SYS [2006-2-16 12872]

S3 SQTECH900A;ZBR-DSC-DRIVER(PID_900A_00);c:\windows\system32\drivers\Capt900a.sys [2011-5-24 133888]

S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\drivers\mrv8ka51.sys [2006-9-4 258560]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys --> c:\windows\system32\drivers\anvioctl.sys [?]

S4 Garodbu;Garodbu; [x]

.

=============== Created Last 30 ================

.

2011-10-23 21:23:44 -------- d-----w- c:\program\VirusTotalUploader2

2011-10-23 20:09:46 -------- d-----w- c:\program\ESET

2011-10-23 07:52:23 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-22 21:21:18 -------- d-sha-r- C:\cmdcons

2011-10-22 21:16:56 98816 ----a-w- c:\windows\sed.exe

2011-10-22 21:16:56 518144 ----a-w- c:\windows\SWREG.exe

2011-10-22 21:16:56 256000 ----a-w- c:\windows\PEV.exe

2011-10-22 21:16:56 208896 ----a-w- c:\windows\MBR.exe

2011-10-22 12:46:51 -------- d-----w- c:\program\ATI Technologies

2011-10-22 12:37:34 -------- d-----w- C:\ATI

2011-10-22 11:13:34 -------- d-----w- c:\program\Driver Cleaner Pro

2011-10-22 09:06:00 -------- d--h--w- c:\windows\$hf_mig$

2011-10-21 16:24:00 0 ----a-w- C:\ngen.exe

2011-10-19 17:28:46 -------- d-----w- c:\program\Paint.NET

2011-10-19 16:00:00 -------- d-----w- c:\documents and settings\nnn\application data\Avira

2011-10-19 15:58:57 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-10-19 15:58:57 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-10-19 15:58:03 -------- d-----w- c:\program\Avira

2011-10-19 15:58:03 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-10-15 22:45:15 24984 ----a-w- c:\windows\system32\drivers\BC.sys

2011-10-15 22:20:24 34816 -c--a-w- c:\windows\system32\dllcache\iprip.dll

2011-10-15 22:20:24 34816 ----a-w- c:\windows\system32\iprip.dll

2011-10-15 22:20:19 -------- d-----w- C:\KRSHistory

2011-10-15 21:26:40 -------- d-----w- c:\documents and settings\nnn\application data\kingsoft

2011-10-15 16:16:45 -------- d-----w- C:\SafeRecycle

2011-10-15 16:11:29 -------- d-sh--w- c:\documents and settings\all users\application data\KRSHistory

2011-10-15 16:11:12 -------- d-----w- c:\documents and settings\nnn\application data\KSafe

2011-10-15 16:10:48 -------- d-----w- c:\documents and settings\all users\application data\kingsoft

2011-10-15 16:10:05 -------- d-----w- c:\program\Kingsoft

2011-10-07 15:05:50 323624 ----a-w- c:\windows\system32\wiaaut.dll

.

==================== Find3M ====================

.

2011-10-23 11:32:42 25992 -c--a-w- c:\windows\system32\pgdfgsvc.exe

2011-10-13 19:41:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-09 12:11:53 323584 -c--a-w- c:\windows\system32\AUDIOGENIE2.DLL

2011-09-26 09:41:40 612352 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 09:41:40 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-26 09:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-17 14:19:15 55296 ----a-w- c:\windows\system32\disable.exe

2011-09-17 14:19:15 117 ----a-w- c:\windows\system32\disabledvd.vbs

2011-09-09 09:12:07 602112 ----a-w- c:\windows\system32\crypt32.dll

2011-09-08 18:24:14 7180800 ----a-w- c:\windows\system32\drivers\ati2mtag.sys

2011-09-08 18:17:00 311296 ----a-w- c:\windows\system32\atiiiexx.dll

2011-09-08 17:50:08 57344 ----a-w- c:\windows\system32\aticalrt.dll

2011-09-08 17:50:02 53248 ----a-w- c:\windows\system32\aticalcl.dll

2011-09-08 17:46:32 5701632 ----a-w- c:\windows\system32\aticaldd.dll

2011-09-08 17:41:52 18571264 ----a-w- c:\windows\system32\atioglxx.dll

2011-09-08 17:26:46 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-09-08 17:25:58 3953280 ----a-w- c:\windows\system32\ati3duag.dll

2011-09-08 17:25:42 303104 ----a-w- c:\windows\system32\ati2dvag.dll

2011-09-08 17:19:36 956160 ----a-w- c:\windows\system32\ativvamv.dll

2011-09-08 17:09:28 3174656 ----a-w- c:\windows\system32\ativvaxx.dll

2011-09-08 17:09:18 212992 ----a-w- c:\windows\system32\atipdlxx.dll

2011-09-08 17:09:08 155648 ----a-w- c:\windows\system32\Oemdspif.dll

2011-09-08 17:09:02 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

2011-09-08 17:08:54 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-09-08 17:08:42 188416 ----a-w- c:\windows\system32\ati2evxx.dll

2011-09-08 17:07:36 643072 ----a-w- c:\windows\system32\ati2evxx.exe

2011-09-08 17:06:26 53248 ----a-w- c:\windows\system32\ATIDDC.DLL

2011-09-08 17:05:10 151552 ----a-w- c:\windows\system32\atiapfxx.exe

2011-09-08 17:01:54 704512 ----a-w- c:\windows\system32\atikvmag.dll

2011-09-08 17:00:28 528384 ----a-w- c:\windows\system32\atiok3x2.dll

2011-09-08 16:58:28 208896 ----a-w- c:\windows\system32\atiadlxx.dll

2011-09-08 16:58:06 17408 ----a-w- c:\windows\system32\atitvo32.dll

2011-09-08 16:52:44 876544 ----a-w- c:\windows\system32\ati2cqag.dll

2011-09-08 16:52:08 65024 ----a-w- c:\windows\system32\atimpc32.dll

2011-09-08 16:52:08 65024 ----a-w- c:\windows\system32\amdpcom32.dll

2011-09-08 16:52:06 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-09-06 14:09:57 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 15:00:50 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys

2011-08-28 18:34:00 116 ----a-w- c:\windows\system32\enabledvd.vbs

2011-08-28 16:52:47 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-08-28 16:36:17 443448 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-08-22 23:40:15 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:40:14 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:40:14 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:58:29 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-04 21:08:22 714526 ----a-w- c:\windows\unins000.exe

2008-08-19 21:42:15 47 -c--a-w- c:\program\off.bat

2007-03-20 08:01:42 405 -c--a-w- c:\program\flush.bat

2002-01-27 23:58:08 32768 -c--a-w- c:\program\shutdown.exe

2005-06-26 14:32:28 616448 -csha-r- c:\windows\system32\cygwin1.dll

2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll

2004-01-24 23:00:00 70656 -csha-r- c:\windows\system32\i420vfw.dll

2007-02-21 11:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll

2008-03-16 13:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll

2007-12-17 13:43:00 27648 -csh--w- c:\windows\system32\Smab0.dll

2010-01-06 22:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST3200822AS rev.3.01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe hal.dll CLASSPNP.SYS disk.sys ACPI.sys atapi.sys sptd.sys pciide.sys PCIIDEX.SYS

c:\windows\system32\drivers\sptd.sys

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A4B7AB8]

3 CLASSPNP[0xB8118FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000093[0x8A540198]

5 ACPI[0xB7E69620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP0T0L0-4[0x8A4BF940]

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV SI, 0x7be; MOV CL, 0x4; CMP [sI], CH; JL 0x2d; JNZ 0x3b; }

user != kernel MBR !!!

sectors 390721966 (+255): user != kernel

.

============= FINISH: 0:23:28,92 ===============

attach.zip

Länk till kommentar
Dela på andra webbplatser

Kan tillägga att jag krigade ihjäl de gamla drivrutinerna till mitt ATI Radeon HD 4770 under förmiddagen, har hamnat hemma med sjukt barn. Av någon obegriplig anledning så hade jag en massa ingångar i "Lägg till eller ta bort program" och de var stört omöjliga att bli av med på vanligt sätt. Det fanns inte ens någon knapp för Ändra/Ta bort. Det enda som bet på dem var Windows Install Clean Up. Microsoft har plockat bort programmet, för det verkar kunna paja Office 2007, men det har jag inte så jag tog risken och hittade programmet på Softpedia.com. Nu verkar jag ha fått bort skräpet och jag installerade om så att jag bara har ATIs drivrutiner, inte Catalyst. Jag behöver inga avancerade inställningar.

 

Men det gjorde inte ett dugg för att få min inloggning snabbare.

Länk till kommentar
Dela på andra webbplatser

Hur gammal är datorn och hur mycket RAM-minne finns det i den?

 

Om du tittar under rubriken:

============= SERVICES / DRIVERS ===============

i DDS.txt så ser du att det är en lång lista på tjänster och drivrutiner som startas innan din inloggning görs. Eftersom din inloggning går snabbt om du väntar innan du klickar på välkomstskärmen så verkar det som att det är denna mängd att starta, alternativt att det är en eller ett par av dem som krånglar, som gör att det tar tid.

Länk till kommentar
Dela på andra webbplatser

Arkiverat

Det här ämnet är nu arkiverat och är stängt för ytterligare svar.

×
×
  • Skapa nytt...