Question & Answer
Megaclick.com problem!!!
19 answers
- That is fine, but I do recommend updating to SP2 as soon as possible; if you don't, you will miss essential security updates and will have picked up new infections again in no time.
- By the way, how can I see in the registry whether everything from megaclick is gone?
The link in my first post says something about that.
- You had a Wareout infection; this is a DNS hijacker.
"DNS servers are used to translate the name of a website into its IP address.
If these servers are changed by malware, incorrect DNS servers are used. As a result, you are redirected to the wrong websites."
This has now been resolved, so the registry does not come into it.
See also: http://users.telenet.be/marcvn/spyware/1176009.htm
- I have recently been having the following problem:
Every 2 or 3 web pages I am redirected to megaclick.com.
I uninstalled the Megaupload toolbar via Control Panel, but I still have the problem. I read somewhere that I have to remove something from the registry: http://www.techspot.com/vb/topic85756.html
How exactly should I go about it?
- Download Hijackthis-setup to your Desktop.
Open HJTInstall and choose the location where you want to install Hijackthis.
Then press Install; after a few seconds Hijackthis will open automatically.
Now choose 'Do a system scan and save a logfile'.
A Notepad file with a logfile opens. Select all of this text (ctrl-A), copy it (ctrl C) and paste it into your next message.
Good luck! 8)
Pim
- Here is the logfile:
Logfile of HijackThis v1.99.1
Scan saved at 1:06:23, on 9-10-2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 08\bin\TW2008.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
F:\Temp\Programma`s\Antivirus & Spyware\HijackThis\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RssReader] "C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe" /Autostart
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187184116890
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F22EFB4-8922-47B1-A799-7FD533B104E2}: NameServer = 208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
- Download the latest version of Hijackthis via the link below:
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
Use it to create a logfile afterwards.
Download FixWareout from one of these locations:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file…Fixwareout.exe
Place it on the desktop and start it.
Click "Next", then "Install".
Make sure "Run Fixit" is checked and then click "Finish".
Follow the instructions on the screen.
If you are asked to restart the computer, do so.
It will take a little longer for the computer to finish starting up again. This is normal.
As soon as your Desktop has loaded, a text file (report.txt) will open.
Post it together with a new HijackThis log.
Pim
- New HiJack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:44, on 9-10-2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RssReader] "C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe" /Autostart
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187184116890
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F22EFB4-8922-47B1-A799-7FD533B104E2}: NameServer = 208.67.222.222
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
–
End of file - 7202 bytes
Fixware report:
Username "Feike Hemminga" - 09-10-2007 14:51:33 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
De DNS-omzettingscache is leeggemaakt.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
….
….
~~~~~ Misc files.
….
~~~~~ Checking for older varients.
….
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Disc Detector"="C:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe"
"UpdReg"="C:\\WINDOWS\\Updreg.exe"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"My Web Search Bar"="rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\MWSBAR.DLL,S"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe"
"LVCOMSX"="\"C:\\Program Files\\Common Files\\Logitech\\LComMgr\\LVComSX.exe\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"RssReader"="\"C:\\Documents and Settings\\Feike Hemminga\\Application Data\\Qlikworld\\RSSReader\\RSSReader.exe\" /Autostart"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
….
Hosts file was reset, If you use a custom hosts file please replace it…
~~~~~ End report ~~~~~
- 1. Click Start -> (Settings) -> Control Panel -> Add or Remove Programs and remove the following program, if present:
My Web Search
My Web Speedbar
WebSearch Tools
Search Assistant - My Way
2. Restart your computer.
3. Start Hijackthis, choose 'Do a system scan only' and check the lines below, if still present:
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F22EFB4-8922-47B1-A799-7FD533B104E2}: NameServer = 208.67.222.222
Now close all open windows except Hijackthis and click Fix checked.
3. Download Combofix to your Desktop.
Double-click Combofix.exe
Follow the instructions; accept the disclaimer by typing "1" and confirming with "Enter".
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix is complete and after the restart, the log combofix.txt will open.
Post this log in your next post together with a new HijackThis log.
Note: If your virus scanner reacts while downloading or using Combofix, you may ignore this.
Good luck!
Pim
- Combofix log:
ComboFix 07-10-09.3 - Feike Hemminga 2007-10-09 15:58:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1043.18.601 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Feike Hemminga\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-09-09 to 2007-10-09 ))))))))))))))))))))))))))))))
.
2007-10-09 15:58 51,200 –a—— C:\WINDOWS\NirCmd.exe
2007-10-09 15:51 381,012 –a—— C:\Program Files\Uninstall Fun Web Products.dll
2007-10-09 14:49 <DIR> d——– C:\Program Files\Trend Micro
2007-10-08 19:17 <DIR> d——– C:\Program Files\PKR
2007-10-06 23:21 <DIR> d——– C:\Program Files\PokerStars
2007-10-06 19:58 685,816 –a—— C:\WINDOWS\system32\drivers\sptd.sys
2007-10-06 19:56 <DIR> d——– C:\Program Files\Alcohol Soft
2007-10-03 16:57 <DIR> d——– C:\Program Files\Common Files\Canon
2007-10-03 16:57 <DIR> d——– C:\Program Files\Canon
2007-10-03 16:53 150,528 –a—— C:\WINDOWS\system32\ptpusd.dll
2007-10-03 16:53 14,208 –a—— C:\WINDOWS\system32\drivers\usbscan.sys
2007-10-03 16:53 14,208 –a–c— C:\WINDOWS\system32\dllcache\usbscan.sys
2007-10-03 16:53 5,632 –a—— C:\WINDOWS\system32\ptpusb.dll
2007-09-24 18:01 <DIR> d——– C:\WINDOWS\system32\Tropical Cocktail 3D 1024x768 dir
2007-09-24 18:01 202,240 –a—— C:\WINDOWS\system32\Tropical Cocktail 3D 1024x768.scr
2007-09-19 17:13 <DIR> d——– C:\ANDES
2007-09-19 17:13 247,296 –a—— C:\WINDOWS\UN160413.EXE
2007-09-19 17:13 20,976 –a—— C:\WINDOWS\system\CTL3D.DLL
2007-09-17 00:29 <DIR> d——– C:\Program Files\Zylom Games
2007-09-17 00:29 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Zylom
2007-09-15 03:03 <DIR> d——– C:\WINDOWS\Preferences
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 13:52 ——— d—–w C:\Documents and Settings\Feike Hemminga\Application Data\Azureus
2007-10-06 22:26 ——— d—–w C:\Program Files\Azureus
2007-10-06 01:56 ——— d—–w C:\Program Files\GameSpy Arcade
2007-09-29 00:03 ——— d—–w C:\Program Files\EA SPORTS
2007-09-25 20:37 ——— d–h–w C:\Program Files\InstallShield Installation Information
2007-09-25 20:33 ——— d—–w C:\Program Files\KONAMI
2007-09-16 22:29 ——— d—–w C:\Program Files\PopCap Games
2007-08-29 17:17 ——— d—–w C:\Program Files\Common Files\Logitech
2007-08-25 20:21 ——— d—–w C:\Program Files\TVAnts
2007-08-23 16:57 ——— d—–w C:\Program Files\MSN Messenger
2007-08-23 13:08 ——— d—–w C:\Program Files\AviSynth 2.5
2007-08-23 13:08 ——— d—–w C:\Program Files\Avi2Dvd
2007-08-22 15:57 ——— d—–w C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld
2007-08-20 15:34 ——— d—–w C:\Documents and Settings\Feike Hemminga\Application Data\Sony
2007-08-19 13:47 ——— d—–w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-08-19 13:45 ——— d—–w C:\Program Files\DVD Shrink
2007-08-19 13:37 ——— d—–w C:\Program Files\CloneDVD
2007-08-19 12:41 39,488 —-a-w C:\WINDOWS\system32\drivers\Pcouffin.sys
2007-08-16 17:36 ——— d—–w C:\Program Files\Steam
2007-08-16 13:26 ——— d—–w C:\Program Files\DivX
2007-08-15 17:41 ——— d—–w C:\Program Files\Electronic Arts
2007-08-15 17:04 ——— d—–w C:\Program Files\D-Tools
2007-08-15 16:39 ——— d—–w C:\Documents and Settings\Feike Hemminga\Application Data\ATI
2007-08-15 16:39 ——— d—–w C:\Documents and Settings\All Users\Application Data\ATI
2007-08-15 15:48 ——— d—–w C:\Program Files\ATI Technologies
2007-08-15 12:52 ——— d—–w C:\Program Files\Easy Video Joiner
2007-08-15 12:51 73,216 —-a-w C:\WINDOWS\ST6UNST.EXE
2007-08-15 12:51 249,856 ——w C:\WINDOWS\Setup1.exe
2007-08-15 12:51 ——— d—–w C:\Program Files\SubSync
2007-08-13 01:54 ——— d—–w C:\Program Files\QuickTime Alternative
2007-08-13 01:54 ——— d—–w C:\Program Files\Media Player Classic
2007-08-13 01:54 ——— d—–w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-08-11 18:45 ——— d—–w C:\Documents and Settings\Feike Hemminga\Application Data\Yahoo!
2007-08-03 20:02 4,734,976 —-a-w C:\WINDOWS\reloaded.scr
2007-08-03 01:28 98,304 —-a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-08-03 00:48 720,896 —-a-w C:\WINDOWS\iun6002.exe
2007-08-02 22:35 270,336 —-a-w C:\WINDOWS\system32\imon.dll
2007-08-02 20:45 107,132 —-a-w C:\WINDOWS\UninstallFirefox.exe
2007-08-02 17:55 94,208 —-a-w C:\WINDOWS\system32\34api.dll
2007-08-02 17:55 90,112 —-a-w C:\WINDOWS\system32\34com.dll
2007-08-02 17:55 32,768 —-a-w C:\WINDOWS\system32\Prop7134.dll
2007-07-28 03:37 8,237,056 —-a-w C:\WINDOWS\system32\atioglx2.dll
2007-07-28 03:31 344,064 —-a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-07-28 03:30 269,312 —-a-w C:\WINDOWS\system32\ati2dvag.dll
2007-07-28 03:24 307,200 —-a-w C:\WINDOWS\system32\atiiiexx.dll
2007-07-28 03:23 143,360 —-a-w C:\WINDOWS\system32\atipdlxx.dll
2007-07-28 03:23 122,880 —-a-w C:\WINDOWS\system32\Oemdspif.dll
2007-07-28 03:22 43,520 —-a-w C:\WINDOWS\system32\ati2edxx.dll
2007-07-28 03:22 26,112 —-a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-07-28 03:22 118,784 —-a-w C:\WINDOWS\system32\ati2evxx.dll
2007-07-28 03:21 483,328 —-a-w C:\WINDOWS\system32\ati2evxx.exe
2007-07-28 03:20 53,248 —-a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-07-28 03:12 3,067,712 —-a-w C:\WINDOWS\system32\ati3duag.dll
2007-07-28 03:06 176,128 —-a-w C:\WINDOWS\system32\atiok3x2.dll
2007-07-28 03:01 1,550,208 —-a-w C:\WINDOWS\system32\ativvaxx.dll
2007-07-28 02:50 5,435,392 —-a-w C:\WINDOWS\system32\atioglxx.dll
2007-07-28 02:47 266,240 —-a-w C:\WINDOWS\system32\atikvmag.dll
2007-07-28 02:46 17,408 —-a-w C:\WINDOWS\system32\atitvo32.dll
2007-07-28 02:40 450,560 —-a-w C:\WINDOWS\system32\ati2cqag.dll
2007-07-27 19:05 593,920 ——w C:\WINDOWS\system32\ati2sgag.exe
2007-07-26 23:06 200,704 —-a-w C:\WINDOWS\system32\ssldivx.dll
2007-07-26 23:06 1,044,480 —-a-w C:\WINDOWS\system32\libdivx.dll
2007-07-12 16:18 50,520 —-a-w C:\WINDOWS\system32\csvidcap.dll
2007-07-12 02:54 107,864 —-a-w C:\WINDOWS\system32\tsccvid.dll
2004-03-11 11:27 40,960 —-a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 21:10]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 01:55]
"UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 01:00]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 19:05]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-03 00:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 22:01]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 16:08]
"RssReader"="C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe" [2007-08-07 21:38]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Ulead Photo Express 4.0 SE Calendar Checker .lnk
backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Feike Hemminga^Menu Start^Programma's^Opstarten^QuickTV.lnk]
path=C:\Documents and Settings\Feike Hemminga\Menu Start\Programma's\Opstarten\QuickTV.lnk
backup=C:\WINDOWS\pss\QuickTV.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Launcher]
C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKey]
C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
"C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
R3 Cap7134;Cap7134 Capture;C:\WINDOWS\System32\DRIVERS\Cap7134.sys
R3 PhTVTune;Cap713x TVTuner;C:\WINDOWS\System32\DRIVERS\PhTVTune.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\System32\drivers\WmBEnum.sys
R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\System32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\System32\drivers\WmXlCore.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\System32\drivers\WmVirHid.sys
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 16:00:21
Windows 5.1.2600 Service Pack 1 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???d???????????? C?????Disc Detector?B???A???????A?p ????B???@?$?@?? C?????U?@?????????@?B???A???????A?? ????B???@?????P???$?@?p ??????U\?w??????????@?q?????????????????B?????? ????????????????????????????B
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-10-09 16:00:53
C:\ComboFix-quarantined-files.txt … 2007-10-09 16:00
.
— E O F —
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:01:35, on 9-10-2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RssReader] "C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe" /Autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187184116890
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
–
End of file - 5746 bytes - Download ATF Cleaner (by Atribune)
Double-click [b:4b720a1853]ATF cleaner[/b:4b720a1853] to start the program.
On the "Main" tab, tick Select All. Untick Prefetch.
Click the Empty Selected button.
If you also use [b:4b720a1853]Firefox[/b:4b720a1853] as a browser:
Click the "Firefox" tab and tick Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this removes the tick at "Firefox saved passwords")
Click the Empty Selected button.
If you also use [b:4b720a1853]Opera[/b:4b720a1853] as a browser:
Click the "Opera" tab and tick Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.
Go to the "Main" tab and click the [b:4b720a1853]Exit[/b:4b720a1853] button to close the program.
Disable System Restore, restart your computer and enable System Restore again.
How to reset System Restore.
This way you remove all malware from your System Restore.
Now go to the Windows Update website and download all updates there. The most important one in your case is Service Pack 2!
How are your problems now?
Pim. - At the moment I no longer have problems with Megaclick.com, but I have not carried out your latest instructions. I am keeping those in reserve for now.
- I am still troubled by this junk. Here is a HiJack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:29:21, on 11-10-2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RssReader] "C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe" /Autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187184116890
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
–
End of file - 5905 bytes - Uninstall Combofix:
- Go to Start > Run and type ComboFix /u
- Then click 2. and press Enter
Now download Combofix again and make a new log:
Download Combofix to your Desktop.
[list:5e0adcf81a]
Double-click [b:5e0adcf81a]Combofix.exe[/b:5e0adcf81a]
Follow the instructions, accept the disclaimer by typing "[b:5e0adcf81a]1[/b:5e0adcf81a]" and confirming with "[b:5e0adcf81a]Enter[/b:5e0adcf81a]".
While the fix is running, do [b:5e0adcf81a]NOT[/b:5e0adcf81a] click in the window, as this will make your PC hang.[/list:u:5e0adcf81a]
When the fix has finished and after the restart, the log combofix.txt will open.
[i:5e0adcf81a]Post this log in your next post together with a new HijackThis log.[/i:5e0adcf81a]
[b:5e0adcf81a]Note:[/b:5e0adcf81a] If your virus scanner reacts while downloading or using Combofix, you may ignore this. - Combofix Log:
ComboFix 07-10-11.5 - Feike Hemminga 2007-10-11 15:27:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1043.18.497 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Feike Hemminga\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-09-11 to 2007-10-11 ))))))))))))))))))))))))))))))
.
2007-10-10 03:39 <DIR> d——– C:\Program Files\MozBackup
2007-10-09 15:58 51,200 –a—— C:\WINDOWS\NirCmd.exe
2007-10-09 14:49 <DIR> d——– C:\Program Files\Trend Micro
2007-10-08 19:17 <DIR> d——– C:\Program Files\PKR
2007-10-06 23:21 <DIR> d——– C:\Program Files\PokerStars
2007-10-06 19:58 685,816 –a—— C:\WINDOWS\system32\drivers\sptd.sys
2007-10-06 19:56 <DIR> d——– C:\Program Files\Alcohol Soft
2007-10-03 16:57 <DIR> d——– C:\Program Files\Common Files\Canon
2007-10-03 16:57 <DIR> d——– C:\Program Files\Canon
2007-10-03 16:53 150,528 –a—— C:\WINDOWS\system32\ptpusd.dll
2007-10-03 16:53 14,208 –a—— C:\WINDOWS\system32\drivers\usbscan.sys
2007-10-03 16:53 14,208 –a–c— C:\WINDOWS\system32\dllcache\usbscan.sys
2007-10-03 16:53 5,632 –a—— C:\WINDOWS\system32\ptpusb.dll
2007-09-24 18:01 <DIR> d——– C:\WINDOWS\system32\Tropical Cocktail 3D 1024x768 dir
2007-09-24 18:01 202,240 –a—— C:\WINDOWS\system32\Tropical Cocktail 3D 1024x768.scr
2007-09-19 17:13 247,296 –a—— C:\WINDOWS\UN160413.EXE
2007-09-19 17:13 20,976 –a—— C:\WINDOWS\system\CTL3D.DLL
2007-09-17 00:29 <DIR> d——– C:\Program Files\Zylom Games
2007-09-17 00:29 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Zylom
2007-09-15 03:03 <DIR> d——– C:\WINDOWS\Preferences
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-11 13:12 ——— d—–w C:\Documents and Settings\Feike Hemminga\Application Data\Azureus
2007-10-10 13:14 ——— d—–w C:\Program Files\Gabest
2007-10-06 22:26 ——— d—–w C:\Program Files\Azureus
2007-10-06 01:56 ——— d—–w C:\Program Files\GameSpy Arcade
2007-09-29 00:03 ——— d—–w C:\Program Files\EA SPORTS
2007-09-25 20:37 ——— d–h–w C:\Program Files\InstallShield Installation Information
2007-09-25 20:33 ——— d—–w C:\Program Files\KONAMI
2007-09-16 22:29 ——— d—–w C:\Program Files\PopCap Games
2007-08-29 17:17 ——— d—–w C:\Program Files\Common Files\Logitech
2007-08-25 20:21 ——— d—–w C:\Program Files\TVAnts
2007-08-23 16:57 ——— d—–w C:\Program Files\MSN Messenger
2007-08-23 13:08 ——— d—–w C:\Program Files\AviSynth 2.5
2007-08-23 13:08 ——— d—–w C:\Program Files\Avi2Dvd
2007-08-22 15:57 ——— d—–w C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld
2007-08-20 15:34 ——— d—–w C:\Documents and Settings\Feike Hemminga\Application Data\Sony
2007-08-19 13:47 ——— d—–w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-08-19 13:45 ——— d—–w C:\Program Files\DVD Shrink
2007-08-19 13:37 ——— d—–w C:\Program Files\CloneDVD
2007-08-19 12:41 39,488 —-a-w C:\WINDOWS\system32\drivers\Pcouffin.sys
2007-08-16 17:36 ——— d—–w C:\Program Files\Steam
2007-08-16 13:26 ——— d—–w C:\Program Files\DivX
2007-08-15 17:41 ——— d—–w C:\Program Files\Electronic Arts
2007-08-15 17:04 ——— d—–w C:\Program Files\D-Tools
2007-08-15 16:39 ——— d—–w C:\Documents and Settings\Feike Hemminga\Application Data\ATI
2007-08-15 16:39 ——— d—–w C:\Documents and Settings\All Users\Application Data\ATI
2007-08-15 15:48 ——— d—–w C:\Program Files\ATI Technologies
2007-08-15 12:52 ——— d—–w C:\Program Files\Easy Video Joiner
2007-08-15 12:51 73,216 —-a-w C:\WINDOWS\ST6UNST.EXE
2007-08-15 12:51 249,856 ——w C:\WINDOWS\Setup1.exe
2007-08-15 12:51 ——— d—–w C:\Program Files\SubSync
2007-08-13 01:54 ——— d—–w C:\Program Files\QuickTime Alternative
2007-08-13 01:54 ——— d—–w C:\Program Files\Media Player Classic
2007-08-13 01:54 ——— d—–w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-08-11 18:45 ——— d—–w C:\Documents and Settings\Feike Hemminga\Application Data\Yahoo!
2007-08-03 20:02 4,734,976 —-a-w C:\WINDOWS\reloaded.scr
2007-08-03 01:28 98,304 —-a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-08-03 00:48 720,896 —-a-w C:\WINDOWS\iun6002.exe
2007-08-02 22:35 270,336 —-a-w C:\WINDOWS\system32\imon.dll
2007-08-02 20:45 107,132 —-a-w C:\WINDOWS\UninstallFirefox.exe
2007-08-02 17:55 94,208 —-a-w C:\WINDOWS\system32\34api.dll
2007-08-02 17:55 90,112 —-a-w C:\WINDOWS\system32\34com.dll
2007-08-02 17:55 32,768 —-a-w C:\WINDOWS\system32\Prop7134.dll
2007-07-28 03:37 8,237,056 —-a-w C:\WINDOWS\system32\atioglx2.dll
2007-07-28 03:31 344,064 —-a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-07-28 03:30 269,312 —-a-w C:\WINDOWS\system32\ati2dvag.dll
2007-07-28 03:24 307,200 —-a-w C:\WINDOWS\system32\atiiiexx.dll
2007-07-28 03:23 143,360 —-a-w C:\WINDOWS\system32\atipdlxx.dll
2007-07-28 03:23 122,880 —-a-w C:\WINDOWS\system32\Oemdspif.dll
2007-07-28 03:22 43,520 —-a-w C:\WINDOWS\system32\ati2edxx.dll
2007-07-28 03:22 26,112 —-a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-07-28 03:22 118,784 —-a-w C:\WINDOWS\system32\ati2evxx.dll
2007-07-28 03:21 483,328 —-a-w C:\WINDOWS\system32\ati2evxx.exe
2007-07-28 03:20 53,248 —-a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-07-28 03:12 3,067,712 —-a-w C:\WINDOWS\system32\ati3duag.dll
2007-07-28 03:06 176,128 —-a-w C:\WINDOWS\system32\atiok3x2.dll
2007-07-28 03:01 1,550,208 —-a-w C:\WINDOWS\system32\ativvaxx.dll
2007-07-28 02:50 5,435,392 —-a-w C:\WINDOWS\system32\atioglxx.dll
2007-07-28 02:47 266,240 —-a-w C:\WINDOWS\system32\atikvmag.dll
2007-07-28 02:46 17,408 —-a-w C:\WINDOWS\system32\atitvo32.dll
2007-07-28 02:40 450,560 —-a-w C:\WINDOWS\system32\ati2cqag.dll
2007-07-27 19:05 593,920 ——w C:\WINDOWS\system32\ati2sgag.exe
2007-07-26 23:06 200,704 —-a-w C:\WINDOWS\system32\ssldivx.dll
2007-07-26 23:06 1,044,480 —-a-w C:\WINDOWS\system32\libdivx.dll
2007-07-12 16:18 50,520 —-a-w C:\WINDOWS\system32\csvidcap.dll
2007-07-12 02:54 107,864 —-a-w C:\WINDOWS\system32\tsccvid.dll
2004-03-11 11:27 40,960 —-a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 21:10]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 01:55]
"UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 01:00]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 19:05]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-03 00:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 22:01]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 16:08]
"RssReader"="C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe" [2007-08-07 21:38]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Ulead Photo Express 4.0 SE Calendar Checker .lnk
backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Feike Hemminga^Menu Start^Programma's^Opstarten^QuickTV.lnk]
path=C:\Documents and Settings\Feike Hemminga\Menu Start\Programma's\Opstarten\QuickTV.lnk
backup=C:\WINDOWS\pss\QuickTV.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Launcher]
C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKey]
C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
"C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
R3 Cap7134;Cap7134 Capture;C:\WINDOWS\System32\DRIVERS\Cap7134.sys
R3 PhTVTune;Cap713x TVTuner;C:\WINDOWS\System32\DRIVERS\PhTVTune.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\System32\drivers\WmBEnum.sys
R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\System32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\System32\drivers\WmXlCore.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\System32\drivers\WmVirHid.sys
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-11 15:28:44
Windows 5.1.2600 Service Pack 1 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????Disc Detector?B???A???????A?p ????B???@?$?@?? C?????U?@?????????@?B???A???????A?? ????B???@?????P???$?@?p ??????U\?w??????????@???????????????????B?????? ????????????????????????????B
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-10-11 15:29:19
C:\ComboFix-quarantined-files.txt … 2007-10-09 16:00
C:\ComboFix2.txt … 2007-10-09 16:00
.
— E O F —
HiJackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33:45, on 11-10-2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RssReader] "C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe" /Autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187184116890
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
–
End of file - 5814 bytes
By the way, should I leave the IE icon that appeared on my desktop after running Combofix? - Could you have this file scanned at Jotti: [b:b9b75376e8]C:\WINDOWS\reloaded.scr[/b:b9b75376e8]
Go to Jotti. At Browse, copy in the following:
[b:b9b75376e8]C:\WINDOWS\reloaded.scr[/b:b9b75376e8]. Then click Submit and paste the result here.
Also do the following:
Download F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml
Place it on your desktop.
Double-click blbeta.exe.
Click "I accept the agreement".
Click "Next".
Click "Scan" and, when the program has finished, click "Next".
If Blacklight finds something, it will display a list of files.
Do not have anything renamed yet.
On your desktop there is a file named fsbl.xxxxxxx.log (the x's stand for digits)
This is the log that Blacklight created. Post it.
Good luck! - This is the log from Jotti:
Scan taken on 11 Oct 2007 18:33:32 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing
Unfortunately I cannot download F-Secure, because the trial version has expired. - Download: RemoveVideoActiveXObject.exe
Save the file to your desktop, then double-click it.
A window will open in which a few lines will quickly scroll by, after which the window will close by itself; this is normal.
Possibly an uninstaller for a rogue scanner will also start; do not close it, but follow any instructions and let it do its work.
Then restart the PC and double-click RemoveVideoActiveXObject.exe once more.
Then look for the following file: C:\RVAXO-results.log
Double-click this file; it will open as a log. Post its contents in your next message together with a HijackThis log.
Download Gmer and place it on your desktop.
- Unzip it > open the gmer folder > double-click gmer.exe.
- Go to the Rootkit tab and click the Scan button.
(If a rootkit is active, Gmer may ask to run a scan. Allow this.)
- When the scan has finished, click the Copy button.
- Using CTRL+V you can paste the full contents of the Gmer log into your next post.
Good luck!
Pim - RVAXO-log:
—————-RVAXO.exe first run————-
Files found:
Uninstallers Rogue scanners:
Folders Found:
Hosts-file was reset, If you use a custom hosts file please replace it…
————–RVAXO.exe last run—————
Files found:
Folders Found:
HiJackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:00:11, on 11-10-2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RssReader] "C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe" /Autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187184116890
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
–
End of file - 5791 bytes
Gmer log:
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-10-11 23:11:20
Windows 5.1.2600 Service Pack 1
—- System - GMER 1.0.13 —-
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwAllocateVirtualMemory
SSDT d347bus.sys ZwClose
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwCreateThread
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwMapViewOfSection
SSDT d347bus.sys ZwOpenKey
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState
SSDT sptd.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwShutdownSystem
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwWriteVirtualMemory
—- Kernel code sections - GMER 1.0.13 —-
.text ntoskrnl.exe!KeInitializeInterrupt + B67 804DA23C 1 Byte [ 06 ]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 150 805025CC 4 Bytes [ 30, 4B, F6, F6 ]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 170 805025EC 4 Bytes [ 18, 48, 6F, F7 ]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1B0 8050262C 4 Bytes [ D0, 47, 6F, F7 ]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1C0 8050263C 4 Bytes [ 20, 8A, 6E, F7 ]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1E0 8050265C 4 Bytes [ F0, 46, F6, F6 ]
.text …
? C:\WINDOWS\system32\drivers\sptd.sys Het proces heeft geen toegang tot het bestand omdat
het bestand door een ander proces wordt gebruikt.
.text USBPORT.SYS!DllUnload F73E7F88 5 Bytes JMP 863E8770
? System32\Drivers\a70d6dwm.SYS Het systeem kan het opgegeven bestand niet vinden.
.text ntdll.dll!NtCreateSection 77F65A21 1 Byte [ E9 ]
.text ntdll.dll!NtCreateSection + 2 77F65A23 3 Bytes [ 12, 0D, FA ]
—- User code sections - GMER 1.0.13 —-
.text C:\Program Files\MSN Messenger\msnmsgr.exe[620] kernel32.dll!SetUnhandledExceptionFilter 77E5E5A1 9 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe
.text C:\Documents and Settings\Feike Hemminga\Bureaublad\gmer\gmer.exe[3716] ntdll.dll!NtCreateSection 77F65A21 1 Byte [ E9 ]
.text C:\Documents and Settings\Feike Hemminga\Bureaublad\gmer\gmer.exe[3716] ntdll.dll!NtCreateSection + 2 77F65A23 3 Bytes [ 12, 0D, FA ]
—- Kernel IAT/EAT - GMER 1.0.13 —-
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F773C350] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F773C2FC] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F775E93A] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F773B57E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F7576AD0] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7576A30] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F7576970] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F7576760] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F7576AD0] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7576A30] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F7576760] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F7576970] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F7576970] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F7576760] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F7576AD0] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F7576A30] Teefer.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F7576760] Teefer.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F7576AD0] Teefer.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7576A30] Teefer.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F7576970] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7576AD0] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F7576760] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7576A30] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F7576970] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F7576760] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7576A30] Teefer.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7576AD0] Teefer.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 8672A928
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 8672A928
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 8672A928
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 8672A928
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 8672A928
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 8672A928
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 8672A928
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 8672A928
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 8672A928
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_READ 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_NAMED_PIPE 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLOSE 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_READ 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_WRITE 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_INFORMATION 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_INFORMATION 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_EA 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_EA 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FLUSH_BUFFERS 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_VOLUME_INFORMATION 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_VOLUME_INFORMATION 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DIRECTORY_CONTROL 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FILE_SYSTEM_CONTROL 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CONTROL 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SHUTDOWN 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_LOCK_CONTROL 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLEANUP 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_MAILSLOT 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_SECURITY 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_SECURITY 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_POWER 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SYSTEM_CONTROL 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CHANGE 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_QUOTA 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_QUOTA 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_NAMED_PIPE 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLOSE 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_READ 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_WRITE 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_INFORMATION 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_INFORMATION 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_EA 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_EA 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FLUSH_BUFFERS 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_VOLUME_INFORMATION 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_VOLUME_INFORMATION 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DIRECTORY_CONTROL 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FILE_SYSTEM_CONTROL 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CONTROL 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SHUTDOWN 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_LOCK_CONTROL 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLEANUP 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_MAILSLOT 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_SECURITY 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_SECURITY 8672A928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T