Megaclick.com problem!!!

19 replies
  • I have recently been having the following problem: on every second or third web page I get redirected to megaclick.com. I uninstalled the Megaupload toolbar via Control Panel, but I still have the problem. I read somewhere that I need to remove something from the registry: http://www.techspot.com/vb/topic85756.html How exactly should I go about it?
  • Download Hijackthis-setup (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to your Desktop. Open HJTInstall and choose the location where you want to install Hijackthis. Then press Install; after a few seconds Hijackthis will open automatically. Now choose 'Do a system scan and save a logfile'. A Notepad file containing a logfile will open. Select all of this text (Ctrl-A), copy it (Ctrl-C) and paste it into your next post. Good luck! 8) Pim
  • Here is the logfile:
  • Download the latest version of Hijackthis via the link below: http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe You will use it to make a logfile later. Download FixWareout from one of these locations: http://downloads.subratam.org/Fixwareout.exe http://www.bleepingcomputer.com/file...Fixwareout.exe Place it on the desktop and start it. Click "Next", then "Install". Make sure "Run Fixit" is checked and then click "Finish". Follow the instructions on the screen. If you are asked to restart the computer, do so. It will take somewhat longer than usual for the computer to start up completely again. This is normal. As soon as your Desktop has loaded, a text file (report.txt) will open. Post this together with a new HijackThis log. Pim
  • New HiJack log and Fixware report:
  • 1. Click Start -> (Settings) -> Control Panel -> Add or Remove Programs and uninstall the following program, if present:
    My Web Search My Web Speedbar WebSearch Tools Search Assistant - My Way
    2. Restart your computer.
    3. Start Hijackthis, choose 'Do a system scan only' and check the lines below, if still present:
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6F22EFB4-8922-47B1-A799-7FD533B104E2}: NameServer = 208.67.222.222
    Now close all open windows except Hijackthis and click Fix checked.
    3. Download Combofix (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe) to your Desktop.
    Double-click Combofix.exe
    Follow the instructions, accept the disclaimer by typing "1" and confirming with "Enter".
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has completed and after the restart, the log combofix.txt will open. Post this log in your next post together with a new HijackThis log.
    Note: If your virus scanner reacts while downloading or using Combofix, you may ignore this.
    Good luck! Pim
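Most of the lines selected in the post above point into one install directory, written either as `C:\Program Files\MyWebSearch` or in its 8.3 short form `C:\PROGRA~1\MYWEBS~1`. As an added example (not part of the original post, and not how HijackThis itself works), this Python sketch sorts log entries by that relationship; the function names, the prefix heuristic for short names and the host match are assumptions, and the sample lines are copied from this thread's log.

```python
import re

# Entries copied from the HijackThis log and fix list in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")        # e.g. "O4 - <body>"
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|,\r\n]+')      # first drive-letter path
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)


def parse_entries(text):
    """Split a HijackThis log into {"code", "body"} records, skipping other lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"code": m.group(1), "body": m.group(2)})
    return entries


def component_matches(component, long_name):
    """True if a path component names long_name, in long or 8.3 short form.

    Assumed heuristic: a short name is the start of the long name (spaces
    dropped, upper-cased) followed by ~<digits>, e.g. MYWEBS~1.
    """
    comp = component.upper()
    target = long_name.upper().replace(" ", "")
    if "~" in comp:
        prefix, _, tail = comp.partition("~")
        return bool(prefix) and tail.split(".")[0].isdigit() and target.startswith(prefix)
    return comp.replace(" ", "") == target


def touches_product(body, product):
    """True if the entry's file path or URL host refers to the product."""
    m = PATH_RE.search(body)
    if m and any(component_matches(c, product) for c in m.group(0).split("\\")):
        return True
    host = URL_HOST_RE.search(body)
    return bool(host) and product.lower().replace(" ", "") in host.group(1).lower()


def triage(text, products):
    """Group entries: tied to a named product, orphaned "(no file)", or other."""
    groups = {"product": [], "orphan": [], "other": []}
    for entry in parse_entries(text):
        if any(touches_product(entry["body"], p) for p in products):
            groups["product"].append(entry)
        elif entry["body"].endswith("(no file)"):
            groups["orphan"].append(entry)
        else:
            groups["other"].append(entry)
    return groups


if __name__ == "__main__":
    for label, entries in triage(SAMPLE_LOG, ["MyWebSearch"]).items():
        print(label)
        for e in entries:
            print("   ", e["code"], "-", e["body"])
```

Entries left in the "other" group are not thereby cleared; the grouping only shows which lines belong to the same install or have lost their file.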
  • Combofix log and HiJackThis log:
= C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187184116890 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 5746 bytes
  • Download ATF Cleaner (by Atribune): http://www.atribune.org/ccount/click.php?id=1
    Double-click ATF Cleaner to start the program. On the "Main" tab, tick Select All. Untick Prefetch. Click the Empty Selected button.
    If you also use Firefox as a browser: click the "Firefox" tab and tick Select All. If you want to keep the passwords saved by Firefox, click "No" in the window that appears (this removes the tick at "Firefox saved passwords"). Click the Empty Selected button.
    If you also use Opera as a browser: click the "Opera" tab and tick Select All. If you want to keep the passwords saved by Opera, click "No" in the window that appears. Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.
    Turn System Restore off, restart your computer and turn System Restore back on. How to reset System Restore: http://users.telenet.be/marcvn/spyware/1852808.htm This way you remove all malware from your System Restore.
    Now go to the Windows Update website and get all the updates there. The most important one in your case is Service Pack 2!
    How are your problems? Pim.
  • At the moment I no longer have any problems with Megaclick.com, but I have not carried out your latest instructions. I'll keep those in reserve for now.
  • That's fine, but I do recommend updating to SP2 as soon as possible; if you don't, you miss essential security updates and you will have picked up new infections in no time.
  • By the way, how can I see in the registry whether everything from megaclick is gone? The link in my 1st post says something about that.
  • You had a Wareout infection; this is a DNS hijacker.
    Quote: "DNS servers are used to translate the name of a website into its IP address. If these servers are changed by malware, incorrect DNS servers are used. The result is that you are redirected to the wrong websites."
    This has now been resolved, so the registry doesn't come into it. See also: http://users.telenet.be/marcvn/spyware/1176009.htm
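The DNS-hijack check discussed in the two posts above, as an added example that is not part of the original thread: HijackThis reports statically configured DNS servers in its O17 section, so a saved log can be checked for resolvers you do not recognise. The O17 line layout, the sample log, the trusted network and all addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress
import re

# O17 entry as HijackThis 2.x usually writes it (layout is an assumption):
#   O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = 1.2.3.4,5.6.7.8
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<value>.*)$")

# Constructed sample log; the addresses are documentation-range placeholders.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 203.0.113.10,203.0.113.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 198.51.100.7 192.168.1.1
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""


def parse_o17_nameservers(log_text):
    """Return (registry_key, address) for every O17 NameServer entry in the log."""
    found = []
    for line in log_text.splitlines():
        match = O17_RE.match(line.strip())
        if not match:
            continue
        # The registry value can hold several servers, comma- or space-separated.
        for token in re.split(r"[,\s]+", match.group("value").strip()):
            if token:
                found.append((match.group("key"), token))
    return found


def unexpected_nameservers(log_text, trusted):
    """Return (key, address, reason) for servers outside the trusted networks.

    `trusted` is the list of resolvers you expect (your router or ISP),
    given as addresses or CIDR networks.
    """
    networks = [ipaddress.ip_network(item, strict=False) for item in trusted]
    flagged = []
    for key, token in parse_o17_nameservers(log_text):
        try:
            address = ipaddress.ip_address(token)
        except ValueError:
            # A value that is not an address at all deserves a manual look.
            flagged.append((key, token, "not an IP address"))
            continue
        if not any(address in network for network in networks):
            flagged.append((key, token, "not in trusted resolver list"))
    return flagged


if __name__ == "__main__":
    # Hypothetical home setup: the router at 192.168.1.1 is the only expected resolver.
    for key, address, reason in unexpected_nameservers(SAMPLE_LOG, ["192.168.1.0/24"]):
        print(f"{address:<16} {reason:<30} {key}")
```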
  • I'm still having trouble with this junk. Here is a HiJack log:
  • Uninstall Combofix:
    - Go to Start > Run and type ComboFix /u
    - Then click 2. and press Enter
    Now download Combofix again and make a new log:
    Download Combofix (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe) to your Desktop.
    - Double-click Combofix.exe
    - Follow the instructions, accept the disclaimer by typing "1" and confirming with "Enter".
    - While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open. Post this log in your next post together with a new HijackThis log.
    Note: If your virus scanner reacts while downloading or using Combofix, you may ignore this.
  • Combofix Log:
    HiJackThis Log:
    By the way, should I leave the IE icon that appeared on my desktop after running Combofix where it is?
  • Could you have this file scanned at Jotti: C:\WINDOWS\reloaded.scr Go to Jotti (http://virusscan.jotti.org). Copy the following into the Browse field: C:\WINDOWS\reloaded.scr. Then click Submit and paste the result here. Also do the following: Download F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml Put it on your desktop. Double-click blbeta.exe. Click "I accept the agreement". Click "Next". Click "Scan" and, when the program has finished, click "Next". If Blacklight finds anything, it will show a list of files. Do not have anything renamed yet. On your desktop there is a file named fsbl.xxxxxxx.log (the x's stand for digits). This is the log that Blacklight created. Post it. Good luck!
  • This is the Jotti log: Scan taken on 11 Oct 2007 18:33:32 (GMT) A-Squared Found nothing AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing CPsecure Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Rising Antivirus Found nothing Sophos Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing Unfortunately I cannot download F-Secure, because the trial version has expired.
  • Download: RemoveVideoActiveXObject.exe (http://home.hetnet.nl/~stefsmeenk/RemoveVideoActiveXObject.exe) Save the file to your desktop, then double-click it. A window will open in which a few lines scroll past quickly, after which the window closes by itself; this is normal. A rogue scanner's uninstaller may also start; do not close it, but follow any instructions and let it do its work. Then restart the PC and double-click RemoveVideoActiveXObject.exe once more. After that, look for the following file: C:\RVAXO-results.log Double-click this file; it will open as a log. Post its contents in your next message together with a HijackThis log. Download Gmer (http://www.gmer.net/gmer.zip) and put it on your desktop. - Unzip it > open the gmer folder > double-click gmer.exe. - Go to the Rootkit tab and click the Scan button. (If a rootkit is active, Gmer may ask to run a scan. Allow this.) - When the scan is finished, click the Copy button. - With CTRL+V you can paste the full contents of the Gmer log into your next post. Good luck! Pim
  • RVAXO-log: ----------------RVAXO.exe first run------------- Files found: Uninstallers Rogue scanners: Folders Found: Hosts-file was reset, If you use a custom hosts file please replace it... --------------RVAXO.exe last run--------------- Files found: Folders Found: HiJackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:00:11, on 11-10-2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe C:\WINDOWS\System32\ctfmon.exe C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\WINDOWS\System32\devldr32.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Creative\ShareDLL\MediaDet.Exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\Program Files\Eset\nod32krn.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [RssReader] "C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe" /Autostart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk 
= C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187184116890 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. 
- C:\Program Files\Sygate\SPF\smc.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 5791 bytes Gmer log:
\Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_NAMED_PIPE 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLOSE 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_READ 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_WRITE 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_INFORMATION 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_INFORMATION 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_EA 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_EA 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FLUSH_BUFFERS 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_VOLUME_INFORMATION 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_VOLUME_INFORMATION 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DIRECTORY_CONTROL 8672A928 Device \Driver\atapi 
\Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FILE_SYSTEM_CONTROL 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CONTROL 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SHUTDOWN 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_LOCK_CONTROL 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLEANUP 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_MAILSLOT 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_SECURITY 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_SECURITY 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_POWER 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SYSTEM_CONTROL 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CHANGE 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_QUOTA 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_QUOTA 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_NAMED_PIPE 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLOSE 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_READ 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_WRITE 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_INFORMATION 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_INFORMATION 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_EA 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_EA 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FLUSH_BUFFERS 8672A928 Device \Driver\atapi 
\Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_VOLUME_INFORMATION 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_VOLUME_INFORMATION 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DIRECTORY_CONTROL 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FILE_SYSTEM_CONTROL 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CONTROL 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SHUTDOWN 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_LOCK_CONTROL 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLEANUP 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_MAILSLOT 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_SECURITY 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_SECURITY 8672A928 Device \Driver\atapi \Device\Ide\IdeDeviceP1T


This is an archived page. Replying is no longer possible.