Megaclick.com problem!!!

Anonymous
pimvandenderen
19 replies
  • I have recently been having the following problem:
    On every 2nd or 3rd web page I get redirected to megaclick.com.
    I uninstalled the Megaupload toolbar via the Control Panel, but I still have the problem. I read somewhere that I have to remove something from the registry: http://www.techspot.com/vb/topic85756.html
    How exactly should I go about it?
  • Download Hijackthis-setup to your Desktop.

    Open HJTInstall and choose the location where you want to install Hijackthis.
    Then press Install; after a few seconds Hijackthis will open automatically.
    Now choose 'Do a system scan and save a logfile'.
    A Notepad file with a logfile will open. Select all of this text (ctrl-A), copy it (ctrl C) and paste the text into your next message.

    Good luck! 8)

    Pim
  • Here is the logfile:
    Logfile of HijackThis v1.99.1
    Scan saved at 1:06:23, on 9-10-2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 08\bin\TW2008.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    F:\Temp\Programma`s\Antivirus & Spyware\HijackThis\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [RssReader] "C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe" /Autostart
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187184116890
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6F22EFB4-8922-47B1-A799-7FD533B104E2}: NameServer = 208.67.222.222
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
  • Download the latest version of Hijackthis via the link below:
    http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

    Use it to create a logfile later.

    Download FixWareout from one of these locations:
    http://downloads.subratam.org/Fixwareout.exe
    http://www.bleepingcomputer.com/file…Fixwareout.exe
    Place it on the desktop and start it.
    Click "Next", then "Install".
    Make sure "Run Fixit" is checked and then click "Finish".
    Follow the on-screen instructions.
    If you are asked to restart the computer, do so.
    It will take somewhat longer for the computer to fully start up again. This is normal.
    As soon as your Desktop has loaded, a text file will open (report.txt).
    Post this together with a new HijackThis log.

    Pim
  • New HiJack log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:49:44, on 9-10-2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [RssReader] "C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe" /Autostart
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187184116890
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6F22EFB4-8922-47B1-A799-7FD533B104E2}: NameServer = 208.67.222.222
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


    End of file - 7202 bytes

    Fixware report:
    Username "Feike Hemminga" - 09-10-2007 14:51:33 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check

    De DNS-omzettingscache is leeggemaakt.


    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"=""
    ….
    ….
    ~~~~~ Misc files.
    ….
    ~~~~~ Checking for older varients.
    ….

    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "Disc Detector"="C:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe"
    "UpdReg"="C:\\WINDOWS\\Updreg.exe"
    "SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
    "nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
    "StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
    "DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
    "My Web Search Bar"="rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\MWSBAR.DLL,S"
    "MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe"
    "LVCOMSX"="\"C:\\Program Files\\Common Files\\Logitech\\LComMgr\\LVComSX.exe\""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
    "RssReader"="\"C:\\Documents and Settings\\Feike Hemminga\\Application Data\\Qlikworld\\RSSReader\\RSSReader.exe\" /Autostart"
    "MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    ….
    Hosts file was reset, If you use a custom hosts file please replace it…
    ~~~~~ End report ~~~~~
  • 1. Click Start -> (Settings) -> Control Panel -> Add or Remove Programs and remove the following program, if present:

    My Web Search
    My Web Speedbar
    WebSearch Tools
    Search Assistant - My Way

    2. Restart your computer.

    3. Start Hijackthis, choose 'Do a system scan only' and tick the lines below, if still present:

    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6F22EFB4-8922-47B1-A799-7FD533B104E2}: NameServer = 208.67.222.222

    Now close all open windows except Hijackthis and click Fix checked.

    3. Download Combofix to your Desktop.

    Double-click Combofix.exe
    Follow the instructions, accept the disclaimer by typing "1" and confirming with "Enter".
    While the fix is running, do NOT click in the window, because this will cause your PC to hang.

    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    Note: If your virus scanner reacts while downloading or using Combofix, you may ignore this.

    Good luck!

    Pim
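
Added example (not part of the original posts and not HijackThis's own code): a Python triage of HijackThis entry lines that flags what belongs to one product folder, including 8.3 short-name paths such as `PROGRA~1\MYWEBS~1`, entries pointing at the product's domain, and orphaned `(no file)` entries, then reports which flagged entries survive in a later log. The function names, `PRODUCT_DIR`/`PRODUCT_DOMAIN` and the `AFTER` log are assumptions made for the example; the `BEFORE` lines are copied from the log above.

```python
import re
from urllib.parse import urlsplit

# HijackThis section codes: R0-R3, F0-F3, N1-N4, O1-O24
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
URL_RE = re.compile(r"https?://[^\s\"']+", re.I)

PRODUCT_DIR = ["Program Files", "MyWebSearch"]   # long folder names to look for
PRODUCT_DOMAIN = "mywebsearch.com"               # registrable domain of the product


def parse_entries(log_text):
    """Return (code, body) tuples; header and process lines are skipped."""
    return [m.groups() for m in map(ENTRY_RE.match, log_text.splitlines()) if m]


def short_prefix(name):
    """First six characters of the 8.3 alias for a long name (simplified:
    spaces and dots dropped, upper-cased; hash-style aliases are not covered)."""
    return re.sub(r"[ .]", "", name).upper()[:6]


def component_match(long_name, comp):
    """'exact', 'short' (alias like MYWEBS~1) or None for one path component."""
    if comp.lower() == long_name.lower():
        return "exact"
    m = re.fullmatch(r"(.{1,6})~\d+", comp)
    if m and m.group(1).upper() == short_prefix(long_name):
        return "short"
    return None


def path_match(body, directory):
    """Find `directory` as consecutive backslash-separated components."""
    comps = body.split("\\")
    n = len(directory)
    for i in range(len(comps) - n + 1):
        kinds = [component_match(d, c) for d, c in zip(directory, comps[i:i + n])]
        if all(kinds):
            return "short" if "short" in kinds else "exact"
    return None


def url_match(body, domain):
    """True when the entry contains a URL whose host is the domain or a subdomain."""
    for url in URL_RE.findall(body):
        host = (urlsplit(url).hostname or "").lower()
        if host == domain or host.endswith("." + domain):
            return True
    return False


def triage(log_text, directory=PRODUCT_DIR, domain=PRODUCT_DOMAIN):
    """Return (code, reason, body) for entries worth reviewing."""
    findings = []
    for code, body in parse_entries(log_text):
        kind = path_match(body, directory)
        if kind == "exact":
            reason = "product path"
        elif kind == "short":
            # Aliases can collide (another folder may also start with MYWEBS),
            # so a short-name hit needs confirming on disk before fixing.
            reason = "8.3 alias, confirm on disk"
        elif url_match(body, domain):
            reason = "product URL"
        elif body.endswith("(no file)"):
            reason = "orphan, target missing"
        else:
            continue
        findings.append((code, reason, body))
    return findings


def still_present(before, after, directory=PRODUCT_DIR, domain=PRODUCT_DOMAIN):
    """Flagged entries from the first log that also appear in the later log."""
    later = set(parse_entries(after))
    return [f for f in triage(before, directory, domain) if (f[0], f[2]) in later]


# Lines copied from the HijackThis log in this thread.
BEFORE = r"""
Running processes:
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
"""

# Constructed follow-up log for the example (not the poster's real second log).
AFTER = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
"""

if __name__ == "__main__":
    for code, reason, body in triage(BEFORE):
        print(f"{code:<3} {reason:<27} {body}")
    print("left after cleanup:", [f[0] for f in still_present(BEFORE, AFTER)])
```

A short-name hit is only a candidate: the alias number is assigned by the file system, so the folder behind `MYWEBS~1` has to be confirmed on the machine itself.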
  • Combofix log:
    ComboFix 07-10-09.3 - Feike Hemminga 2007-10-09 15:58:42.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.1.1252.1.1043.18.601 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Feike Hemminga\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\FunWebProducts
    C:\Program Files\MyWebSearch
    C:\Program Files\MyWebSearch\bar\History\search2
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-09 to 2007-10-09 ))))))))))))))))))))))))))))))
    .

    2007-10-09 15:58 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-09 15:51 381,012 --a------ C:\Program Files\Uninstall Fun Web Products.dll
    2007-10-09 14:49 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-08 19:17 <DIR> d-------- C:\Program Files\PKR
    2007-10-06 23:21 <DIR> d-------- C:\Program Files\PokerStars
    2007-10-06 19:58 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-10-06 19:56 <DIR> d-------- C:\Program Files\Alcohol Soft
    2007-10-03 16:57 <DIR> d-------- C:\Program Files\Common Files\Canon
    2007-10-03 16:57 <DIR> d-------- C:\Program Files\Canon
    2007-10-03 16:53 150,528 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-10-03 16:53 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-10-03 16:53 14,208 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-10-03 16:53 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2007-09-24 18:01 <DIR> d-------- C:\WINDOWS\system32\Tropical Cocktail 3D 1024x768 dir
    2007-09-24 18:01 202,240 --a------ C:\WINDOWS\system32\Tropical Cocktail 3D 1024x768.scr
    2007-09-19 17:13 <DIR> d-------- C:\ANDES
    2007-09-19 17:13 247,296 --a------ C:\WINDOWS\UN160413.EXE
    2007-09-19 17:13 20,976 --a------ C:\WINDOWS\system\CTL3D.DLL
    2007-09-17 00:29 <DIR> d-------- C:\Program Files\Zylom Games
    2007-09-17 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
    2007-09-15 03:03 <DIR> d-------- C:\WINDOWS\Preferences

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-09 13:52 --------- d-----w C:\Documents and Settings\Feike Hemminga\Application Data\Azureus
    2007-10-06 22:26 --------- d-----w C:\Program Files\Azureus
    2007-10-06 01:56 --------- d-----w C:\Program Files\GameSpy Arcade
    2007-09-29 00:03 --------- d-----w C:\Program Files\EA SPORTS
    2007-09-25 20:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-25 20:33 --------- d-----w C:\Program Files\KONAMI
    2007-09-16 22:29 --------- d-----w C:\Program Files\PopCap Games
    2007-08-29 17:17 --------- d-----w C:\Program Files\Common Files\Logitech
    2007-08-25 20:21 --------- d-----w C:\Program Files\TVAnts
    2007-08-23 16:57 --------- d-----w C:\Program Files\MSN Messenger
    2007-08-23 13:08 --------- d-----w C:\Program Files\AviSynth 2.5
    2007-08-23 13:08 --------- d-----w C:\Program Files\Avi2Dvd
    2007-08-22 15:57 --------- d-----w C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld
    2007-08-20 15:34 --------- d-----w C:\Documents and Settings\Feike Hemminga\Application Data\Sony
    2007-08-19 13:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-08-19 13:45 --------- d-----w C:\Program Files\DVD Shrink
    2007-08-19 13:37 --------- d-----w C:\Program Files\CloneDVD
    2007-08-19 12:41 39,488 ----a-w C:\WINDOWS\system32\drivers\Pcouffin.sys
    2007-08-16 17:36 --------- d-----w C:\Program Files\Steam
    2007-08-16 13:26 --------- d-----w C:\Program Files\DivX
    2007-08-15 17:41 --------- d-----w C:\Program Files\Electronic Arts
    2007-08-15 17:04 --------- d-----w C:\Program Files\D-Tools
    2007-08-15 16:39 --------- d-----w C:\Documents and Settings\Feike Hemminga\Application Data\ATI
    2007-08-15 16:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
    2007-08-15 15:48 --------- d-----w C:\Program Files\ATI Technologies
    2007-08-15 12:52 --------- d-----w C:\Program Files\Easy Video Joiner
    2007-08-15 12:51 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2007-08-15 12:51 249,856 ------w C:\WINDOWS\Setup1.exe
    2007-08-15 12:51 --------- d-----w C:\Program Files\SubSync
    2007-08-13 01:54 --------- d-----w C:\Program Files\QuickTime Alternative
    2007-08-13 01:54 --------- d-----w C:\Program Files\Media Player Classic
    2007-08-13 01:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-08-11 18:45 --------- d-----w C:\Documents and Settings\Feike Hemminga\Application Data\Yahoo!
    2007-08-03 20:02 4,734,976 ----a-w C:\WINDOWS\reloaded.scr
    2007-08-03 01:28 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-08-03 00:48 720,896 ----a-w C:\WINDOWS\iun6002.exe
    2007-08-02 22:35 270,336 ----a-w C:\WINDOWS\system32\imon.dll
    2007-08-02 20:45 107,132 ----a-w C:\WINDOWS\UninstallFirefox.exe
    2007-08-02 17:55 94,208 ----a-w C:\WINDOWS\system32\34api.dll
    2007-08-02 17:55 90,112 ----a-w C:\WINDOWS\system32\34com.dll
    2007-08-02 17:55 32,768 ----a-w C:\WINDOWS\system32\Prop7134.dll
    2007-07-28 03:37 8,237,056 ----a-w C:\WINDOWS\system32\atioglx2.dll
    2007-07-28 03:31 344,064 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2007-07-28 03:30 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2007-07-28 03:24 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2007-07-28 03:23 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2007-07-28 03:23 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2007-07-28 03:22 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    2007-07-28 03:22 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2007-07-28 03:22 118,784 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    2007-07-28 03:21 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2007-07-28 03:20 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2007-07-28 03:12 3,067,712 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2007-07-28 03:06 176,128 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2007-07-28 03:01 1,550,208 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2007-07-28 02:50 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
    2007-07-28 02:47 266,240 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2007-07-28 02:46 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    2007-07-28 02:40 450,560 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    2007-07-27 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
    2007-07-26 23:06 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-07-26 23:06 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-07-12 16:18 50,520 ----a-w C:\WINDOWS\system32\csvidcap.dll
    2007-07-12 02:54 107,864 ----a-w C:\WINDOWS\system32\tsccvid.dll
    2004-03-11 11:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 21:10]
    "Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 01:55]
    "UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 01:00]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 19:05]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-03 00:34]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
    "LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 22:01]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 16:08]
    "RssReader"="C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe" [2007-08-07 21:38]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Ulead Photo Express 4.0 SE Calendar Checker .lnk
    backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Feike Hemminga^Menu Start^Programma's^Opstarten^QuickTV.lnk]
    path=C:\Documents and Settings\Feike Hemminga\Menu Start\Programma's\Opstarten\QuickTV.lnk
    backup=C:\WINDOWS\pss\QuickTV.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
    C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Launcher]
    C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
    "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKey]
    C:\WINDOWS\Twain_32\SlimU2\HotKey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    C:\Program Files\Ahead\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
    "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    "C:\Program Files\Steam\Steam.exe" -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    R3 Cap7134;Cap7134 Capture;C:\WINDOWS\System32\DRIVERS\Cap7134.sys
    R3 PhTVTune;Cap713x TVTuner;C:\WINDOWS\System32\DRIVERS\PhTVTune.sys
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\System32\drivers\WmBEnum.sys
    R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\System32\drivers\WmFilter.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\System32\drivers\WmXlCore.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\System32\drivers\WmVirHid.sys

    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-09 16:00:21
    Windows 5.1.2600 Service Pack 1 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???d???????????? C?????Disc Detector?B???A???????A?p ????B???@?$?@?? C?????U?@?????????@?B???A???????A?? ????B???@?????P???$?@?p ??????U\?w??????????@?q?????????????????B?????? ????????????????????????????B

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-10-09 16:00:53
    C:\ComboFix-quarantined-files.txt … 2007-10-09 16:00
    .
    — E O F —

    HiJackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:01:35, on 9-10-2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [RssReader] "C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe" /Autostart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187184116890
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


    End of file - 5746 bytes
  • Download ATF Cleaner (by Atribune).

    Double-click ATF Cleaner to start the program.
    On the "Main" tab, tick Select All. Untick Prefetch.
    Click the Empty Selected button.

    If you also use Firefox as a browser:

    Click the "Firefox" tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (This removes the tick at "Firefox saved passwords".)
    Click the Empty Selected button.

    If you also use Opera as a browser:

    Click the "Opera" tab and tick Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.

    Go to the "Main" tab and click the Exit button to close the program.

    Turn off System Restore, restart your computer, and turn System Restore back on.
    How to reset System Restore.
    This removes all malware from your System Restore.

    Now go to the Windows Update website and download all the updates there. The most important one in your case is Service Pack 2!

    How are your problems now?

    Pim.
  • At the moment I no longer have any problems with Megaclick.com, but I have not carried out your latest instructions. I'll keep those in reserve for now.
  • That's fine, but I do recommend updating to SP2 as soon as possible; if you don't, you will miss essential security updates and you will have picked up new infections in no time.
  • By the way, how can I see in the registry whether everything from megaclick is gone?
    The link in my first post says something about that.
  • You had a Wareout infection; this is a DNS hijacker.

    Quote:
    "DNS servers are used to translate the name of a website into its IP address.
    If these servers are changed by malware, incorrect DNS servers are used. As a result, you are redirected to the wrong websites."

    This has now been resolved, so the registry doesn't come into it.
    See also: http://users.telenet.be/marcvn/spyware/1176009.htm
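Added example, not part of the original posts: HijackThis reports DNS settings found in the Tcpip registry keys in its O17 section, so a log can be checked for resolvers other than the ones you expect. The sample log lines, all addresses (documentation ranges), the trusted range and the function names are constructed for this illustration.

```python
import ipaddress
import re

# Constructed sample in HijackThis log layout. The O17 lines, the GUID and all
# addresses (RFC 5737 documentation ranges) are made up for this example.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 192.0.2.53,192.0.2.54
O17 - HKLM\System\CS1\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 203.0.113.9 203.0.113.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = example.lan
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# O17 lines have the shape "O17 - <registry key>: <value name> = <data>".
O17_RE = re.compile(r"^\s*O17 - (?P<key>.+?): (?P<name>\w+) = (?P<data>.*)$")


def parse_nameservers(log_text):
    """Return [(registry_key, [resolver, ...])] for every O17 NameServer line."""
    found = []
    for line in log_text.splitlines():
        m = O17_RE.match(line)
        if not m or m.group("name").lower() != "nameserver":
            continue  # other sections, or O17 values such as Domain
        # Windows stores several resolvers separated by commas or spaces.
        resolvers = [r for r in re.split(r"[,\s]+", m.group("data").strip()) if r]
        found.append((m.group("key"), resolvers))
    return found


def find_unexpected(log_text, trusted):
    """Return [(registry_key, resolver)] for resolvers outside the trusted list.

    `trusted` holds the addresses or CIDR ranges of the DNS servers you expect
    (your router, your ISP). Anything else is reported for review.
    """
    nets = [ipaddress.ip_network(t, strict=False) for t in trusted]
    flagged = []
    for key, resolvers in parse_nameservers(log_text):
        for resolver in resolvers:
            try:
                addr = ipaddress.ip_address(resolver)
            except ValueError:
                flagged.append((key, resolver))  # not an IP address: report it
                continue
            if not any(addr in net for net in nets):
                flagged.append((key, resolver))
    return flagged


if __name__ == "__main__":
    for key, resolver in find_unexpected(SAMPLE_LOG, ["192.0.2.0/24"]):
        print(f"unexpected DNS server {resolver} set in {key}")
```

A log without O17 NameServer lines yields an empty result, which only says that no static resolver is set in the registry keys HijackThis inspects.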
  • I'm still having trouble with this junk. Here is a HiJack log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:29:21, on 11-10-2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [RssReader] "C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe" /Autostart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187184116890
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


    End of file - 5905 bytes
  • Uninstall Combofix:
    - Go to Start > Run and type ComboFix /u
    - Then choose 2 and press Enter

    Now download Combofix again and make a new log:

    Download Combofix to your Desktop.
    - Double-click Combofix.exe
    - Follow the instructions; accept the disclaimer by typing "1" and confirming with "Enter".
    - While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    Note: If your virus scanner reacts while downloading or using Combofix, you may ignore this.
  • Combofix Log:
    ComboFix 07-10-11.5 - Feike Hemminga 2007-10-11 15:27:06.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.1.1252.1.1043.18.497 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Feike Hemminga\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-11 to 2007-10-11 ))))))))))))))))))))))))))))))
    .

    2007-10-10 03:39 <DIR> d——– C:\Program Files\MozBackup
    2007-10-09 15:58 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-10-09 14:49 <DIR> d——– C:\Program Files\Trend Micro
    2007-10-08 19:17 <DIR> d——– C:\Program Files\PKR
    2007-10-06 23:21 <DIR> d——– C:\Program Files\PokerStars
    2007-10-06 19:58 685,816 –a—— C:\WINDOWS\system32\drivers\sptd.sys
    2007-10-06 19:56 <DIR> d——– C:\Program Files\Alcohol Soft
    2007-10-03 16:57 <DIR> d——– C:\Program Files\Common Files\Canon
    2007-10-03 16:57 <DIR> d——– C:\Program Files\Canon
    2007-10-03 16:53 150,528 –a—— C:\WINDOWS\system32\ptpusd.dll
    2007-10-03 16:53 14,208 –a—— C:\WINDOWS\system32\drivers\usbscan.sys
    2007-10-03 16:53 14,208 –a–c— C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-10-03 16:53 5,632 –a—— C:\WINDOWS\system32\ptpusb.dll
    2007-09-24 18:01 <DIR> d——– C:\WINDOWS\system32\Tropical Cocktail 3D 1024x768 dir
    2007-09-24 18:01 202,240 –a—— C:\WINDOWS\system32\Tropical Cocktail 3D 1024x768.scr
    2007-09-19 17:13 247,296 –a—— C:\WINDOWS\UN160413.EXE
    2007-09-19 17:13 20,976 –a—— C:\WINDOWS\system\CTL3D.DLL
    2007-09-17 00:29 <DIR> d——– C:\Program Files\Zylom Games
    2007-09-17 00:29 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Zylom
    2007-09-15 03:03 <DIR> d——– C:\WINDOWS\Preferences

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-11 13:12 ——— d—–w C:\Documents and Settings\Feike Hemminga\Application Data\Azureus
    2007-10-10 13:14 ——— d—–w C:\Program Files\Gabest
    2007-10-06 22:26 ——— d—–w C:\Program Files\Azureus
    2007-10-06 01:56 ——— d—–w C:\Program Files\GameSpy Arcade
    2007-09-29 00:03 ——— d—–w C:\Program Files\EA SPORTS
    2007-09-25 20:37 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2007-09-25 20:33 ——— d—–w C:\Program Files\KONAMI
    2007-09-16 22:29 ——— d—–w C:\Program Files\PopCap Games
    2007-08-29 17:17 ——— d—–w C:\Program Files\Common Files\Logitech
    2007-08-25 20:21 ——— d—–w C:\Program Files\TVAnts
    2007-08-23 16:57 ——— d—–w C:\Program Files\MSN Messenger
    2007-08-23 13:08 ——— d—–w C:\Program Files\AviSynth 2.5
    2007-08-23 13:08 ——— d—–w C:\Program Files\Avi2Dvd
    2007-08-22 15:57 ——— d—–w C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld
    2007-08-20 15:34 ——— d—–w C:\Documents and Settings\Feike Hemminga\Application Data\Sony
    2007-08-19 13:47 ——— d—–w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-08-19 13:45 ——— d—–w C:\Program Files\DVD Shrink
    2007-08-19 13:37 ——— d—–w C:\Program Files\CloneDVD
    2007-08-19 12:41 39,488 —-a-w C:\WINDOWS\system32\drivers\Pcouffin.sys
    2007-08-16 17:36 ——— d—–w C:\Program Files\Steam
    2007-08-16 13:26 ——— d—–w C:\Program Files\DivX
    2007-08-15 17:41 ——— d—–w C:\Program Files\Electronic Arts
    2007-08-15 17:04 ——— d—–w C:\Program Files\D-Tools
    2007-08-15 16:39 ——— d—–w C:\Documents and Settings\Feike Hemminga\Application Data\ATI
    2007-08-15 16:39 ——— d—–w C:\Documents and Settings\All Users\Application Data\ATI
    2007-08-15 15:48 ——— d—–w C:\Program Files\ATI Technologies
    2007-08-15 12:52 ——— d—–w C:\Program Files\Easy Video Joiner
    2007-08-15 12:51 73,216 —-a-w C:\WINDOWS\ST6UNST.EXE
    2007-08-15 12:51 249,856 ——w C:\WINDOWS\Setup1.exe
    2007-08-15 12:51 ——— d—–w C:\Program Files\SubSync
    2007-08-13 01:54 ——— d—–w C:\Program Files\QuickTime Alternative
    2007-08-13 01:54 ——— d—–w C:\Program Files\Media Player Classic
    2007-08-13 01:54 ——— d—–w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-08-11 18:45 ——— d—–w C:\Documents and Settings\Feike Hemminga\Application Data\Yahoo!
    2007-08-03 20:02 4,734,976 —-a-w C:\WINDOWS\reloaded.scr
    2007-08-03 01:28 98,304 —-a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-08-03 00:48 720,896 —-a-w C:\WINDOWS\iun6002.exe
    2007-08-02 22:35 270,336 —-a-w C:\WINDOWS\system32\imon.dll
    2007-08-02 20:45 107,132 —-a-w C:\WINDOWS\UninstallFirefox.exe
    2007-08-02 17:55 94,208 —-a-w C:\WINDOWS\system32\34api.dll
    2007-08-02 17:55 90,112 —-a-w C:\WINDOWS\system32\34com.dll
    2007-08-02 17:55 32,768 —-a-w C:\WINDOWS\system32\Prop7134.dll
    2007-07-28 03:37 8,237,056 —-a-w C:\WINDOWS\system32\atioglx2.dll
    2007-07-28 03:31 344,064 —-a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2007-07-28 03:30 269,312 —-a-w C:\WINDOWS\system32\ati2dvag.dll
    2007-07-28 03:24 307,200 —-a-w C:\WINDOWS\system32\atiiiexx.dll
    2007-07-28 03:23 143,360 —-a-w C:\WINDOWS\system32\atipdlxx.dll
    2007-07-28 03:23 122,880 —-a-w C:\WINDOWS\system32\Oemdspif.dll
    2007-07-28 03:22 43,520 —-a-w C:\WINDOWS\system32\ati2edxx.dll
    2007-07-28 03:22 26,112 —-a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2007-07-28 03:22 118,784 —-a-w C:\WINDOWS\system32\ati2evxx.dll
    2007-07-28 03:21 483,328 —-a-w C:\WINDOWS\system32\ati2evxx.exe
    2007-07-28 03:20 53,248 —-a-w C:\WINDOWS\system32\ATIDDC.DLL
    2007-07-28 03:12 3,067,712 —-a-w C:\WINDOWS\system32\ati3duag.dll
    2007-07-28 03:06 176,128 —-a-w C:\WINDOWS\system32\atiok3x2.dll
    2007-07-28 03:01 1,550,208 —-a-w C:\WINDOWS\system32\ativvaxx.dll
    2007-07-28 02:50 5,435,392 —-a-w C:\WINDOWS\system32\atioglxx.dll
    2007-07-28 02:47 266,240 —-a-w C:\WINDOWS\system32\atikvmag.dll
    2007-07-28 02:46 17,408 —-a-w C:\WINDOWS\system32\atitvo32.dll
    2007-07-28 02:40 450,560 —-a-w C:\WINDOWS\system32\ati2cqag.dll
    2007-07-27 19:05 593,920 ——w C:\WINDOWS\system32\ati2sgag.exe
    2007-07-26 23:06 200,704 —-a-w C:\WINDOWS\system32\ssldivx.dll
    2007-07-26 23:06 1,044,480 —-a-w C:\WINDOWS\system32\libdivx.dll
    2007-07-12 16:18 50,520 —-a-w C:\WINDOWS\system32\csvidcap.dll
    2007-07-12 02:54 107,864 —-a-w C:\WINDOWS\system32\tsccvid.dll
    2004-03-11 11:27 40,960 —-a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 21:10]
    "Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 01:55]
    "UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 01:00]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 19:05]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-03 00:34]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
    "LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 22:01]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 16:08]
    "RssReader"="C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe" [2007-08-07 21:38]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Ulead Photo Express 4.0 SE Calendar Checker .lnk
    backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Feike Hemminga^Menu Start^Programma's^Opstarten^QuickTV.lnk]
    path=C:\Documents and Settings\Feike Hemminga\Menu Start\Programma's\Opstarten\QuickTV.lnk
    backup=C:\WINDOWS\pss\QuickTV.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
    C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Launcher]
    C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
    "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKey]
    C:\WINDOWS\Twain_32\SlimU2\HotKey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    C:\Program Files\Ahead\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
    "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    "C:\Program Files\Steam\Steam.exe" -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    R3 Cap7134;Cap7134 Capture;C:\WINDOWS\System32\DRIVERS\Cap7134.sys
    R3 PhTVTune;Cap713x TVTuner;C:\WINDOWS\System32\DRIVERS\PhTVTune.sys
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\System32\drivers\WmBEnum.sys
    R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\System32\drivers\WmFilter.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\System32\drivers\WmXlCore.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\System32\drivers\WmVirHid.sys

    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-11 15:28:44
    Windows 5.1.2600 Service Pack 1 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????Disc Detector?B???A???????A?p ????B???@?$?@?? C?????U?@?????????@?B???A???????A?? ????B???@?????P???$?@?p ??????U\?w??????????@???????????????????B?????? ????????????????????????????B

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-10-11 15:29:19
    C:\ComboFix-quarantined-files.txt … 2007-10-09 16:00
    C:\ComboFix2.txt … 2007-10-09 16:00
    .
    — E O F —

    HiJackThis Log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:33:45, on 11-10-2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [RssReader] "C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe" /Autostart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187184116890
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


    End of file - 5814 bytes

    By the way, should I leave the IE icon that appeared on my desktop after running Combofix where it is?
  • Could you have this file scanned at Jotti: C:\WINDOWS\reloaded.scr
    Go to Jotti. In the Browse field, paste the following:
    C:\WINDOWS\reloaded.scr. Then click Submit and paste the result here.

    Please also do the following:
    Download F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml
    Put it on your desktop.
    Double-click blbeta.exe.
    Click "I accept the agreement".
    Click "Next".
    Click "Scan" and, when the program has finished, click "Next".
    If Blacklight finds anything, it will display a list of files.
    Do not have anything renamed yet.
    On your desktop there is a file named fsbl.xxxxxxx.log (the x's stand for digits).
    This is the log that Blacklight created. Post it.

    Good luck!
  • This is the log from Jotti:
    Scan taken on 11 Oct 2007 18:33:32 (GMT)
    A-Squared
    Found nothing
    AntiVir
    Found nothing
    ArcaVir
    Found nothing
    Avast
    Found nothing
    AVG Antivirus
    Found nothing
    BitDefender
    Found nothing
    ClamAV
    Found nothing
    CPsecure
    Found nothing
    Dr.Web
    Found nothing
    F-Prot Antivirus
    Found nothing
    F-Secure Anti-Virus
    Found nothing
    Fortinet
    Found nothing
    Kaspersky Anti-Virus
    Found nothing
    NOD32
    Found nothing
    Norman Virus Control
    Found nothing
    Panda Antivirus
    Found nothing
    Rising Antivirus
    Found nothing
    Sophos Antivirus
    Found nothing
    VirusBuster
    Found nothing
    VBA32
    Found nothing

    Unfortunately I can't download F-Secure, because the trial version has expired.
  • Download: RemoveVideoActiveXObject.exe
    Save the file to your desktop, then double-click it.

    A small window will open in which a few lines will quickly scroll by, after which the window will close by itself; this is normal.
    An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and let it do its work.

    Then restart the PC and double-click RemoveVideoActiveXObject.exe once more.
    After that, look for the following file: C:\RVAXO-results.log
    Double-click this file; it will open as a log. Post its contents in your next message together with a HijackThis log.

    Download Gmer and put it on your desktop.
    - Unzip it > open the gmer folder > double-click gmer.exe.
    - Go to the Rootkit tab and click the Scan button.
    (If a rootkit is active, Gmer may ask to run a scan. Allow this.)
    - When the scan is finished, click the Copy button.
    - With CTRL+V you can paste the full contents of the Gmer log into your next post.

    Good luck!

    Pim
  • RVAXO log:
    —————-RVAXO.exe first run————-

    Files found:


    Uninstallers Rogue scanners:


    Folders Found:


    Hosts-file was reset, If you use a custom hosts file please replace it…

    ————–RVAXO.exe last run—————

    Files found:

    Folders Found:

    HiJackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:00:11, on 11-10-2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [RssReader] "C:\Documents and Settings\Feike Hemminga\Application Data\Qlikworld\RSSReader\RSSReader.exe" /Autostart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187184116890
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


    End of file - 5791 bytes

    Gmer log:
    GMER 1.0.13.12551 - http://www.gmer.net
    Rootkit scan 2007-10-11 23:11:20
    Windows 5.1.2600 Service Pack 1


    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 86424838
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 8672A928
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_READ 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 8672A928
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_READ 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_NAMED_PIPE 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLOSE 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_READ 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_WRITE 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_EA 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_EA 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FLUSH_BUFFERS 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_VOLUME_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_VOLUME_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DIRECTORY_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FILE_SYSTEM_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SHUTDOWN 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_LOCK_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLEANUP 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_MAILSLOT 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_SECURITY 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_SECURITY 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_POWER 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SYSTEM_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CHANGE 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_QUOTA 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_QUOTA 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_NAMED_PIPE 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLOSE 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_READ 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_WRITE 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_EA 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_EA 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FLUSH_BUFFERS 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_VOLUME_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_VOLUME_INFORMATION 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DIRECTORY_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FILE_SYSTEM_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SHUTDOWN 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_LOCK_CONTROL 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLEANUP 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_MAILSLOT 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_SECURITY 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_SECURITY 8672A928
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T


This is an archived page. Replies are no longer possible.