|
| Pagina's: 1 2 |
CoenZ
Lid
Posts: 30
Registreerde: 13-7-2010
Lid is offline
|
![[*]](./images/default/default_icon.gif) Gepost op 20-7-2010 om 18:38 |
|
|
HijackThis/Mbam logs
Hier mijn originele post waarna ik hierheen werd doorgestuurd:
Sinds een paar dagen reset mijn Wave volume op willekeurige momenten naar 0, zo om de 20-30 minuten.
Het lijkt niet door bepaalde handelingen veroorzaakt te worden.
Dat is het vervelendst op het moment.
Verder krijg ik sinds diezelfde dag als het volume-probleem begon ook om de zoveel tijd pop-ups.
Welke site ik op zit en of ik überhaupt ergens op klik lijken niet uit te maken.
Ook sinds die dag hoor ik, wanneer mijn volume niet op 0 staat, de karakteristieke klik-geluiden van geladen pagina's en reclames (als u begrijpt wat
ik daarmee bedoel), zelfs als mijn browser gesloten is.
Omdat het allemaal op één dag begon dacht ik aan een virus, maar Adaware, Norton en Advanced Windowscare hebben niet het verantwoordelijke virus of
spyware gevonden.
------------------------------------------------------------------
De Mbamlog (2x):
Databaseversie: 4324
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
18-7-2010 22:03:07
mbam-log-2010-07-18 (22-03-07).txt
Scantype: Snelle scan
Objecten gescand: 144137
Verstreken tijd: 16 minuut/minuten, 13 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 2
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined
and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined
and deleted successfully.
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
EN
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org
Databaseversie: 4324
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
18-7-2010 23:42:04
mbam-log-2010-07-18 (23-42-04).txt
Scantype: Volledige scan (C:\|D:\|)
Objecten gescand: 229932
Verstreken tijd: 1 uur/uren, 20 minuut/minuten, 43 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
D:\System Volume Information\_restore{AA4B9BE2-E74B-45B7-A6C9-91FB1928F704}\RP333\A0078922.exe (Trojan.Downloader) -> Quarantined and deleted
successfully.
HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:19:23, on 20-7-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\Philips\SPC220NC\Monitor.exe
C:\WINDOWS\vspc1300.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet
Security\Engine\17.7.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet
Security\Engine\17.7.0.12\IPSBHO.DLL
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet
Security\Engine\17.7.0.12\coIEPlg.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe
O4 - HKLM\..\Run: [SPC1300] C:\WINDOWS\vspc1300.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Philips GoGear ARIA Device Manager.lnk = ?
O4 - Global Startup: TrayMin1300.lnk = ?
O4 - Global Startup: TrayMin220.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Coen\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet
Security\Engine\17.7.0.12\ccSvcHst.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 11471 bytes
Alvast bedankt, Coen
|
|
|
lucas
Super Moderator
Posts: 7871
Registreerde: 21-4-2006
Lid is offline
Stemming: niet te harden
|
| Gepost op 20-7-2010 om 19:01 |
|
|
Schoon eerst de tijdelijke bestanden even op m.b.v. deze procedure.
Start Hijackthis op. Ben je gebruiker van Vista kies dan voor “Run as administrator" of "Uitvoeren als administrator". Selecteer “Do a system scan
only”. Selecteer alleen de items die hieronder zijn genoemd:
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
Sluit alle vensters incl je browser. Behalve HijackThis en klik op fix checked. Sluit HijackThis.
Download Combofix naar je
Bureaublad.
Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix
wordt dagelijks geupdate.
OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere
realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw. Sommige scanners zien bepaalde componenten die Combofix
gebruikt als verdacht en gaan deze blokkeren of verwijderen!
Dubbelklik op Combofix.exe
Volg de instructies, aanvaard de disclaimer door op Ja (continue) te klikken.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post samen met een nieuw HijackThis log.
Vertel hoe het met de problemen staat 
Voorkom een kater, blijf dronken 
 |
|
|
CoenZ
Lid
Posts: 30
Registreerde: 13-7-2010
Lid is offline
|
| Gepost op 21-7-2010 om 23:24 |
|
|
Alles gedaan, maar nog niets heeft het kunnen verhelpen.
Wave volume stond na het heropstarten van de computer na het gebruik van Combofix weer op 0.
Ook de "klik"-geluiden van geladen pagina's e.d. zijn er nog.
Heb sinds het uitvoeren van Combofix geen pop-ups gehad, maar wel de vraag of ik weer van IE mijn standaardbrowser wilde maken - wat ik dus alleen
kreeg als ik het opstartte. (Mijn standaardbrowser is FireFox maar de pop-ups kwamen in InternetExplorer)
EDIT: Eerste pop-up is binnen.
Dan hier de logjes:
-------------------------------------------------------------------------------
Nieuwe HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:16:29, on 21-7-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\Philips\SPC220NC\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet
Security\Engine\17.7.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet
Security\Engine\17.7.0.12\IPSBHO.DLL
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet
Security\Engine\17.7.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe
O4 - HKLM\..\Run: [SPC1300] C:\WINDOWS\vspc1300.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Philips GoGear ARIA Device Manager.lnk = ?
O4 - Global Startup: TrayMin1300.lnk = ?
O4 - Global Startup: TrayMin220.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Coen\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet
Security\Engine\17.7.0.12\ccSvcHst.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 11166 bytes
--------------------------------------------------------------------------------
En Combofix log
ComboFix 10-07-21.01 - Coen 21-07-2010 22:53:14.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2038.1343 [GMT 2:00]
Gestart vanuit: c:\program files\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Antivirus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\xpsp1hfm.log
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-06-21 to 2010-07-21 ))))))))))))))))))))))))))))))
.
2010-07-21 20:43 . 2010-07-21 20:44 3739807 ----a-r- c:\program files\ComboFix.exe
2010-07-21 20:41 . 2010-07-21 20:41 -------- d-----w- c:\program files\backups
2010-07-21 12:08 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-20 00:05 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-07-19 22:24 . 2010-07-19 22:24 -------- d-----w- c:\program files\Panda Security
2010-07-19 22:18 . 2010-07-19 22:18 388608 ----a-w- c:\program files\HijackThis.exe
2010-07-18 19:44 . 2010-07-18 19:44 -------- d-----w- c:\documents and settings\Coen\Application Data\Malwarebytes
2010-07-18 19:44 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-18 19:44 . 2010-07-18 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-18 19:44 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-18 19:44 . 2010-07-18 19:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-18 19:32 . 2010-07-18 19:35 -------- d-----w- c:\program files\malwarebytes
2010-07-18 01:21 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-17 21:42 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-17 21:33 . 2010-07-17 21:33 -------- d-----w- c:\documents and settings\Coen\Local Settings\Application Data\Sunbelt Software
2010-07-17 21:30 . 2010-07-17 21:30 -------- dc-h--w- c:\documents and settings\All Users\Application
Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-17 21:29 . 2010-07-18 19:30 -------- d-----w- c:\program files\Lavasoft
2010-07-15 22:53 . 2010-07-15 22:53 -------- d-----w- c:\program files\NOS
2010-07-14 12:21 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 20:24 . 2010-07-21 20:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AskToolbar
2010-07-13 20:24 . 2010-07-13 20:24 -------- d-----r- c:\documents and settings\LocalService\Favorieten
2010-07-12 21:43 . 2010-07-18 01:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2010-07-12 21:43 . 2010-07-12 21:43 -------- d-----r- c:\documents and settings\NetworkService\Favorieten
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 20:42 . 2010-01-11 21:12 -------- d-----w- c:\program files\Ask.com
2010-07-21 12:08 . 2006-01-18 09:16 -------- d-----w- c:\program files\Common Files\Java
2010-07-21 12:08 . 2006-01-18 09:16 -------- d-----w- c:\program files\Java
2010-07-19 22:19 . 2010-07-19 22:19 11473 ----a-w- c:\program files\hijackthis.log
2010-07-17 21:42 . 2009-10-28 18:50 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-17 21:29 . 2009-10-28 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-15 22:53 . 2010-01-06 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-12 08:56 . 2010-07-17 21:30 2979280 -c--a-w- c:\documents and settings\All Users\Application
Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-06-26 01:03 . 2006-01-18 08:44 92064 ----a-w- c:\windows\system32\perfc013.dat
2010-06-26 01:03 . 2006-01-18 08:44 512418 ----a-w- c:\windows\system32\perfh013.dat
2010-06-14 14:31 . 2008-12-09 21:40 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-12 01:45 . 2010-03-27 14:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-05 18:23 . 2010-06-05 18:23 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2010-06-05 18:23 . 2006-01-18 10:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-28 06:11 . 2010-05-28 06:11 503808 ----a-w- c:\documents and settings\Coen\Application
Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7c94feb6-n\msvcp71.dll
2010-05-28 06:11 . 2010-05-28 06:11 499712 ----a-w- c:\documents and settings\Coen\Application
Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7c94feb6-n\jmc.dll
2010-05-28 06:11 . 2010-05-28 06:11 348160 ----a-w- c:\documents and settings\Coen\Application
Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7c94feb6-n\msvcr71.dll
2010-05-28 06:11 . 2010-05-28 06:11 61440 ----a-w- c:\documents and settings\Coen\Application
Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1e71ab7c-n\decora-sse.dll
2010-05-28 06:11 . 2010-05-28 06:11 12800 ----a-w- c:\documents and settings\Coen\Application
Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1e71ab7c-n\decora-d3d.dll
2010-05-16 19:07 . 2010-03-24 17:57 50 ----a-w- c:\documents and settings\Coen\jagex__preferences3.dat
2010-05-16 19:07 . 2009-03-02 21:31 69 ----a-w- c:\documents and settings\Coen\jagex_runescape_preferences.dat
2010-05-16 18:49 . 2009-10-29 15:57 75 ----a-w- c:\documents and settings\Coen\jagex_runescape_preferences2.dat
2010-05-04 17:21 . 2006-01-18 08:44 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:21 . 2008-12-09 21:40 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:21 . 2008-12-09 21:39 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 08:10 . 2008-12-09 21:39 1851392 ----a-w- c:\windows\system32\win32k.sys
2010-01-30 18:42 . 2010-01-30 18:42 22628887 -c--a-w- c:\program files\botclient.zip
2009-10-20 09:16 . 2009-10-20 09:16 1751280 ----a-w- c:\program files\mirc635.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"TPSMain"="TPSMain.exe" [2005-08-03 266240]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 118784]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-09-16 73728]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-08-26 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-05 630784]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-11-07 65536]
"Monitor"="c:\windows\Philips\SPC220NC\Monitor.exe" [2006-11-03 319488]
"SPC1300"="c:\windows\vspc1300.exe" [2007-05-31 675840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [2009-11-03 257440]
c:\documents and settings\Coen\Menu Start\Programma's\Opstarten\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Philips GoGear ARIA Device Manager.lnk - c:\program files\Philips\GoGear ARIA Device Manager\GoGear_Aria_DeviceManager.exe [2009-7-2 1611152]
TrayMin1300.lnk - c:\program files\Philips\Philips SPC1300NC Webcam\TrayMin1300.exe [2008-9-20 245760]
TrayMin220.lnk - c:\program files\Philips\Philips SPC220NC Webcam\TrayMin220.exe [2008-7-21 278528]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17-7-2010 23:42 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [20-7-2010 2:05 28552]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [25-5-2010 19:12 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [25-5-2010 19:12 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application
Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [13-7-2010 5:13 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [25-5-2010 19:12 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [25-5-2010 19:12 116784]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [25-5-201019:11 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12-6-2010 1:19102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application
Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100720.001\IDSXpx86.sys [21-7-2010 13:54 331640]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program
files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\Coen\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Coen\LOCALS~1\Temp\cpuz130\cpuz_x32.sys
[?]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\drivers\phaudlwr.sys [20-9-2008 14:58 88320]
S3 SPC1300;USB2.0 PC Camera (SPC1300);c:\windows\system32\drivers\spc1300.sys [20-9-2008 14:58 3033728]
S3 SPC220NC;Philips SPC220NC Webcam;c:\windows\system32\drivers\SPC220NC.SYS [21-7-2008 17:02 507136]
--- Andere Services/Drivers In Geheugen ---
*NewlyCreated* - PAVBOOT
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhoud van de 'Gedeelde Taken' map
2010-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
2010-07-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-09-02 13:56]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.runescape.com/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Coen\Application Data\Mozilla\Firefox\Profiles\8yf1tbin.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/
FF - component: c:\documents and settings\All Users\Application
Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application
Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} -
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js -
pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name",
"chrome ://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description",
"chrome ://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS VERWIJDERD - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-21 23:03
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m
\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-2548815542-2784806083-334565904-1006\Software\SecuROM\License information*]
"datasecu"=hex:42,c4,15,f6,ac,f7,45,92,ce,f5,9a,b4,ed,07,06,f7,64,8f,df,16,21,
54,05,6d,9d,2d,d1,17,1d,b1,54,12,c4,c5,d2,71,df,12,52,e2,9c,c3,0f,f8,bd,38,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ�•€|ù•9~�*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2620)
c:\windows\system32\TDispVol.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSMain.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\TDispVol.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Voltooingstijd: 2010-07-21 23:11:46 - machine werd herstart
ComboFix-quarantined-files.txt 2010-07-21 21:11
Pre-Run: 4.752.932.864 bytes beschikbaar
Post-Run: 4.874.522.624 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 070C95CA969A8F0B2DE2B08759E36FC0
Ik hoop dat je hier iets mee kunt. 
|
|
|
CoenZ
Lid
Posts: 30
Registreerde: 13-7-2010
Lid is offline
|
| Gepost op 23-7-2010 om 01:05 |
|
|
Ga nu een week op vakantie, zaterdag zal ik dan alles maar moeten uitvoeren.
Alvast bedankt, Coen
|
|
|
CoenZ
Lid
Posts: 30
Registreerde: 13-7-2010
Lid is offline
|
| Gepost op 30-7-2010 om 19:01 |
|
|
Oke, terug van vakantie.
Is er nog iets wat je wilt weten?
|
|
|
lucas
Super Moderator
Posts: 7871
Registreerde: 21-4-2006
Lid is offline
Stemming: niet te harden
|
| Gepost op 30-7-2010 om 19:03 |
|
|
Ja goede vakantie gehad 
Voorkom een kater, blijf dronken
|
|
|
boerpiet
Lid
Posts: 773
Registreerde: 24-4-2005
Lid is offline
Stemming: Al schudt men nog zo kloek................. de laatste druppel valt toch in de broek
|
| Gepost op 30-7-2010 om 19:04 |
|
|
| Quote: | origineel gepost door lucas
Ja goede vakantie gehad |
Kijk dat is nog eens een welkom.
Waar maak je dat nu nog mee
|
|
|
CoenZ
Lid
Posts: 30
Registreerde: 13-7-2010
Lid is offline
|
| Gepost op 30-7-2010 om 21:04 |
|
|
Het was een hele fijne vakantie!
Ben alleen wel uit pure vermoeidheid net per ongeluk anderhalf uur in slaap gevallen.
En was alles oké hier?
|
|
|
lucas
Super Moderator
Posts: 7871
Registreerde: 21-4-2006
Lid is offline
Stemming: niet te harden
|
| Gepost op 30-7-2010 om 21:12 |
|
|
  Alles goed hier ik lees dat je weer aan vakantie toe bent 
Goed nu ff ontopic heb je nog problemen zo ja welke ?
Voorkom een kater, blijf dronken
|
|
|
CoenZ
Lid
Posts: 30
Registreerde: 13-7-2010
Lid is offline
|
| Gepost op 30-7-2010 om 21:36 |
|
|
Nog steeds last van volume-reset en en pop-ups (met IE).
Soms geen pop-up maar wel de muziek er van.
Die "klikgeluiden" van geladen pagina's lijken weg te zijn, maar dat leken de pop-ups ook een tijdje.
|
|
|
lucas
Super Moderator
Posts: 7871
Registreerde: 21-4-2006
Lid is offline
Stemming: niet te harden
|
| Gepost op 30-7-2010 om 22:53 |
|
|
Kun je een omschrijving geven van de popups en nieuw mbam en combofix log aub.
Voorkom een kater, blijf dronken
|
|
|
CoenZ
Lid
Posts: 30
Registreerde: 13-7-2010
Lid is offline
|
| Gepost op 30-7-2010 om 23:26 |
|
|
De pop-ups zijn over het algemeen dingen om je bij in te schrijven.
Bijvoorbeeld dat ik iets heb gewonnen en mijn gegevens moet geven, of dat ik me direct moet aanmelden voor een online spel.
De logjes komen morgen, dat red ik nu niet voor het slapen.
|
|
|
lucas
Super Moderator
Posts: 7871
Registreerde: 21-4-2006
Lid is offline
Stemming: niet te harden
|
| Gepost op 30-7-2010 om 23:30 |
|
|
Doe maar rustig aan is goed als het je lukt een paar screen shots hier te plaatsen zou het mooi zijn 
Voorkom een kater, blijf dronken
|
|
|
lucas
Super Moderator
Posts: 7871
Registreerde: 21-4-2006
Lid is offline
Stemming: niet te harden
|
| Gepost op 30-7-2010 om 23:39 |
|
|
Zie de boosdoener al
c:\docume~1\Coen\LOCALS~1\Temp\cpuz130\cpuz_x32.sys 
Voorkom een kater, blijf dronken
|
|
|
CoenZ
Lid
Posts: 30
Registreerde: 13-7-2010
Lid is offline
|
| Gepost op 31-7-2010 om 15:06 |
|
|
Ja?
Wat moet ik doen om het weg te halen?
|
|
|
lucas
Super Moderator
Posts: 7871
Registreerde: 21-4-2006
Lid is offline
Stemming: niet te harden
|
| Gepost op 31-7-2010 om 15:54 |
|
|
Open Kladblok, kopiëer en plak het volgende (vetgedrukte, blauwe tekst) in een leeg venster:
Folder::
c:\docume~1\Coen\LOCALS~1\Temp\cpuz130
Driver::
c:\docume~1\Coen\LOCALS~1\Temp\cpuz130\cpuz_x32.sys
Sla dit op op je Bureaublad als CFScript.txt
Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :
Dit zal ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw HijackThislogje.
Voorkom een kater, blijf dronken
|
|
|
CoenZ
Lid
Posts: 30
Registreerde: 13-7-2010
Lid is offline
|
| Gepost op 31-7-2010 om 17:02 |
|
|
HijackThis log komt er zo aan.
ComboFix 10-07-30.04 - Coen 31-07-2010 16:33:45.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2038.1355 [GMT 2:00]
Gestart vanuit: c:\program files\ComboFix.exe
gebruikte Opdracht switches :: c:\program files\CFScript.txt
AV: Lavasoft Ad-Watch Live! Antivirus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\ERDNT\cache\userinit.exe
.
MBR is infected with the Whistler Bootkit !!
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_cpuz130
-------\Service_cpuz130
(((((((((((((((((((( Bestanden Gemaakt van 2010-06-28 to 2010-07-31 ))))))))))))))))))))))))))))))
.
2010-07-30 16:52 . 2010-07-30 16:56 -------- d-----w- c:\program files\avira
2010-07-21 20:43 . 2010-07-31 14:30 3747840 ----a-r- c:\program files\ComboFix.exe
2010-07-21 20:41 . 2010-07-21 20:41 -------- d-----w- c:\program files\backups
2010-07-21 12:08 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-20 00:05 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-07-19 22:24 . 2010-07-19 22:24 -------- d-----w- c:\program files\Panda Security
2010-07-19 22:18 . 2010-07-19 22:18 388608 ----a-w- c:\program files\HijackThis.exe
2010-07-18 19:44 . 2010-07-18 19:44 -------- d-----w- c:\documents and settings\Coen\Application Data\Malwarebytes
2010-07-18 19:44 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-18 19:44 . 2010-07-18 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-18 19:44 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-18 19:44 . 2010-07-18 19:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-18 19:32 . 2010-07-18 19:35 -------- d-----w- c:\program files\malwarebytes
2010-07-18 01:21 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-17 21:42 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-17 21:33 . 2010-07-17 21:33 -------- d-----w- c:\documents and settings\Coen\Local Settings\Application Data\Sunbelt Software
2010-07-17 21:30 . 2010-07-17 21:30 -------- dc-h--w- c:\documents and settings\All Users\Application
Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-17 21:30 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application
Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-17 21:29 . 2010-07-18 19:30 -------- d-----w- c:\program files\Lavasoft
2010-07-15 22:53 . 2010-07-15 22:53 -------- d-----w- c:\program files\NOS
2010-07-14 12:21 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 20:24 . 2010-07-21 20:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AskToolbar
2010-07-13 20:24 . 2010-07-13 20:24 -------- d-----r- c:\documents and settings\LocalService\Favorieten
2010-07-12 21:43 . 2010-07-18 01:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2010-07-12 21:43 . 2010-07-12 21:43 -------- d-----r- c:\documents and settings\NetworkService\Favorieten
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 16:28 . 2010-01-30 18:56 -------- d-----w- c:\program files\botclient
2010-07-21 12:08 . 2006-01-18 09:16 -------- d-----w- c:\program files\Common Files\Java
2010-07-21 12:08 . 2006-01-18 09:16 -------- d-----w- c:\program files\Java
2010-07-19 22:19 . 2010-07-19 22:19 11473 ----a-w- c:\program files\hijackthis.log
2010-07-17 21:42 . 2009-10-28 18:50 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-17 21:29 . 2009-10-28 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-15 22:53 . 2010-01-06 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-26 01:03 . 2006-01-18 08:44 92064 ----a-w- c:\windows\system32\perfc013.dat
2010-06-26 01:03 . 2006-01-18 08:44 512418 ----a-w- c:\windows\system32\perfh013.dat
2010-06-14 14:31 . 2008-12-09 21:40 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-12 01:45 . 2010-03-27 14:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-05 18:23 . 2010-06-05 18:23 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2010-06-05 18:23 . 2006-01-18 10:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-28 06:11 . 2010-05-28 06:11 503808 ----a-w- c:\documents and settings\Coen\Application
Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7c94feb6-n\msvcp71.dll
2010-05-28 06:11 . 2010-05-28 06:11 499712 ----a-w- c:\documents and settings\Coen\Application
Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7c94feb6-n\jmc.dll
2010-05-28 06:11 . 2010-05-28 06:11 348160 ----a-w- c:\documents and settings\Coen\Application
Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7c94feb6-n\msvcr71.dll
2010-05-28 06:11 . 2010-05-28 06:11 61440 ----a-w- c:\documents and settings\Coen\Application
Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1e71ab7c-n\decora-sse.dll
2010-05-28 06:11 . 2010-05-28 06:11 12800 ----a-w- c:\documents and settings\Coen\Application
Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1e71ab7c-n\decora-d3d.dll
2010-05-16 19:07 . 2010-03-24 17:57 50 ----a-w- c:\documents and settings\Coen\jagex__preferences3.dat
2010-05-16 19:07 . 2009-03-02 21:31 69 ----a-w- c:\documents and settings\Coen\jagex_runescape_preferences.dat
2010-05-16 18:49 . 2009-10-29 15:57 75 ----a-w- c:\documents and settings\Coen\jagex_runescape_preferences2.dat
2010-05-04 17:21 . 2006-01-18 08:44 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:21 . 2008-12-09 21:40 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:21 . 2008-12-09 21:39 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-30 18:42 . 2010-01-30 18:42 22628887 -c--a-w- c:\program files\botclient.zip
2009-10-20 09:16 . 2009-10-20 09:16 1751280 ----a-w- c:\program files\mirc635.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"TPSMain"="TPSMain.exe" [2005-08-03 266240]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 118784]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-09-16 73728]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-08-26 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-05 630784]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-11-07 65536]
"Monitor"="c:\windows\Philips\SPC220NC\Monitor.exe" [2006-11-03 319488]
"SPC1300"="c:\windows\vspc1300.exe" [2007-05-31 675840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [2009-11-03 257440]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Philips GoGear ARIA Device Manager.lnk - c:\program files\Philips\GoGear ARIA Device Manager\GoGear_Aria_DeviceManager.exe [2009-7-2 1611152]
TrayMin1300.lnk - c:\program files\Philips\Philips SPC1300NC Webcam\TrayMin1300.exe [2008-9-20 245760]
TrayMin220.lnk - c:\program files\Philips\Philips SPC220NC Webcam\TrayMin220.exe [2008-7-21 278528]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17-7-2010 23:42 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [20-7-2010 2:05 28552]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [25-5-2010 19:12 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [25-5-2010 19:12 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application
Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [13-7-2010 5:13 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [25-5-2010 19:12 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [25-5-2010 19:12 116784]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [25-5-201019:11 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12-6-2010 1:19102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application
Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100730.001\IDSXpx86.sys [31-7-2010 15:11 331640]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program
files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\drivers\phaudlwr.sys [20-9-2008 14:58 88320]
S3 SPC1300;USB2.0 PC Camera (SPC1300);c:\windows\system32\drivers\spc1300.sys [20-9-2008 14:58 3033728]
S3 SPC220NC;Philips SPC220NC Webcam;c:\windows\system32\drivers\SPC220NC.SYS [21-7-2008 17:02 507136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhoud van de 'Gedeelde Taken' map
2010-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.runescape.com/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Coen\Application Data\Mozilla\Firefox\Profiles\8yf1tbin.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/
FF - component: c:\documents and settings\All Users\Application
Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application
Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} -
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js -
pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name",
"chrome ://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description",
"chrome ://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-31 16:44
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m
\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-2548815542-2784806083-334565904-1006\Software\SecuROM\License information*]
"datasecu"=hex:42,c4,15,f6,ac,f7,45,92,ce,f5,9a,b4,ed,07,06,f7,64,8f,df,16,21,
54,05,6d,9d,2d,d1,17,1d,b1,54,12,c4,c5,d2,71,df,12,52,e2,9c,c3,0f,f8,bd,38,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ�•€|ù•9~�*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1676)
c:\windows\system32\TDispVol.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSMain.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\TDispVol.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Voltooingstijd: 2010-07-31 16:50:43 - machine werd herstart
ComboFix-quarantined-files.txt 2010-07-31 14:50
ComboFix2.txt 2010-07-21 21:11
Pre-Run: 4.670.836.736 bytes beschikbaar
Post-Run: 4.753.428.480 bytes beschikbaar
- - End Of File - - E9F692E4DA6B2F4A64806B36BAE68C67
|
|
|
CoenZ
Lid
Posts: 30
Registreerde: 13-7-2010
Lid is offline
|
| Gepost op 31-7-2010 om 17:05 |
|
|
En hier de HijackThis, heb in de paar minuten dat ik opnieuw heb opgestart geen last gehad van pop-ups, maar het duurt soms even.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:03:58, on 31-7-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\Philips\SPC220NC\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Philips\GoGear ARIA Device Manager\GoGear_Aria_DeviceManager.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet
Security\Engine\17.7.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet
Security\Engine\17.7.0.12\IPSBHO.DLL
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet
Security\Engine\17.7.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe
O4 - HKLM\..\Run: [SPC1300] C:\WINDOWS\vspc1300.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Philips GoGear ARIA Device Manager.lnk = ?
O4 - Global Startup: TrayMin1300.lnk = ?
O4 - Global Startup: TrayMin220.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Coen\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet
Security\Engine\17.7.0.12\ccSvcHst.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 11303 bytes
|
|
|
lucas
Super Moderator
Posts: 7871
Registreerde: 21-4-2006
Lid is offline
Stemming: niet te harden
|
| Gepost op 31-7-2010 om 17:19 |
|
|
Je hebt last van een Whistler Bootkit even snel handelen aub
Downloadt http://www.esagelab.com/files/bootkit_remover.rar
Unzip het.
Open de map bootkit_remover en dubbelklik op remover.exe.
Post even wat er in het scherm verschijnt
Voorkom een kater, blijf dronken
|
|
|
CoenZ
Lid
Posts: 30
Registreerde: 13-7-2010
Lid is offline
|
| Gepost op 31-7-2010 om 17:32 |
|
|
Hier screenshot
Hier Log
.\debug.cpp(238) : Debug log started at 31.07.2010 - 15:28:05
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : http://www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x00229000 "\WINDOWS\system32\ntoskrnl.exe"
.\debug.cpp(256) : 0x80700000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xf7987000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xf7897000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xf75a7000 0x0002f000 "ACPI.sys"
.\debug.cpp(256) : 0xf7989000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xf7596000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xf75f7000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xf7607000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xf7617000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xf789b000 0x00003000 "compbatt.sys"
.\debug.cpp(256) : 0xf789f000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0xf7a4f000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xf7707000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xf74d8000 0x0001e000 "pcmcia.sys"
.\debug.cpp(256) : 0xf7627000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xf74b9000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xf78a3000 0x00003000 "ACPIEC.sys"
.\debug.cpp(256) : 0xf7a50000 0x00001000 "\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS"
.\debug.cpp(256) : 0xf770f000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xf7717000 0x00006000 "pavboot.sys"
.\debug.cpp(256) : 0xf7637000 0x0000e000 "VolSnap.sys"
.\debug.cpp(256) : 0xf74a1000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xf7647000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xf7657000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xf7481000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xf742b000 0x00056000 "SYMDS.SYS"
.\debug.cpp(256) : 0xf7419000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xf7667000 0x0000f000 "Lbd.sys"
.\debug.cpp(256) : 0xf785a000 0x0002d000 "SYMEFA.SYS"
.\debug.cpp(256) : 0xf7677000 0x00009000 "PxHelp20.sys"
.\debug.cpp(256) : 0xf7843000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xf7830000 0x00013000 "WudfPf.sys"
.\debug.cpp(256) : 0xf7b52000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xf795a000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xf7687000 0x0000f000 "Combo-Fix.sys"
.\debug.cpp(256) : 0xba7e6000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xba047000 0x0000a000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0xba79a000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0xb9cc0000 0x0014b000 "\SystemRoot\system32\DRIVERS\ialmnt5.sys"
.\debug.cpp(256) : 0xb9cac000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xb9c84000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xb9b27000 0x0015d000 "\SystemRoot\system32\DRIVERS\w39n51.sys"
.\debug.cpp(256) : 0xf77cf000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xb9b03000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xf77d7000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xba037000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys"
.\debug.cpp(256) : 0xb9adb000 0x00028000 "\SystemRoot\system32\drivers\tifm21.sys"
.\debug.cpp(256) : 0xb9ac7000 0x00014000 "\SystemRoot\system32\DRIVERS\sdbus.sys"
.\debug.cpp(256) : 0xb9a9f000 0x00028000 "\SystemRoot\system32\DRIVERS\e100b325.sys"
.\debug.cpp(256) : 0xba027000 0x0000e000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xf77df000 0x00007000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xb9a70000 0x0002f000 "\SystemRoot\system32\DRIVERS\SynTP.sys"
.\debug.cpp(256) : 0xf79b9000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xf77e7000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xba017000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xf77ef000 0x00006000 "\SystemRoot\system32\drivers\iviaspi.sys"
.\debug.cpp(256) : 0xba796000 0x00003000 "\SystemRoot\system32\drivers\pfc.sys"
.\debug.cpp(256) : 0xf76b7000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xf76c7000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xb9a4d000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xf79bb000 0x00002000 "\SystemRoot\system32\DRIVERS\serscan.sys"
.\debug.cpp(256) : 0xba1c8000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xf7516000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xba77e000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xb9a36000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xf7506000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xf74f6000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xf777f000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xb99fd000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xf7409000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xf7787000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xf778f000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xf7887000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xf79bd000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xb999f000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xba6c1000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xf79bf000 0x00002000 "\SystemRoot\system32\DRIVERS\NBSMI.sys"
.\debug.cpp(256) : 0xba766000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xa94a0000 0x0040d000 "\SystemRoot\system32\drivers\RtkHDAud.sys"
.\debug.cpp(256) : 0xa947c000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xba736000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xba726000 0x0000b000 "\SystemRoot\system32\DRIVERS\Tvs.sys"
.\debug.cpp(256) : 0xf7797000 0x00008000 "\SystemRoot\system32\DRIVERS\tsxt_kern_i386.sys"
.\debug.cpp(256) : 0xf77a7000 0x00007000 "\SystemRoot\system32\DRIVERS\wowhd_kern_i386.sys"
.\debug.cpp(256) : 0xba716000 0x00009000 "\SystemRoot\system32\DRIVERS\csiidecoder_kern_i386.sys"
.\debug.cpp(256) : 0xa85d9000 0x00113000 "\SystemRoot\system32\DRIVERS\AGRSM.sys"
.\debug.cpp(256) : 0xf77af000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS"
.\debug.cpp(256) : 0xba6d6000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xf79c3000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xf7a75000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xf79c5000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xf77f7000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xf77ff000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xf79c7000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xf79c9000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xf780f000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xf7807000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xba7b2000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xa84b6000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xa845d000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xa83de000 0x00057000 "\SystemRoot\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS"
.\debug.cpp(256) : 0xa83b8000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xba097000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xa8393000 0x00025000 "\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS"
.\debug.cpp(256) : 0xba087000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys"
.\debug.cpp(256) : 0xa833e000 0x00055000 "\??\C:\Documents and Settings\All Users\Application
Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100730.001\IDSxpx86.sys"
.\debug.cpp(256) : 0xba78a000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0xba077000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xa8316000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xa82f4000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xba067000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xa82d5000 0x0001f000 "\SystemRoot\system32\drivers\NIS\1107000.00C\Ironx86.SYS"
.\debug.cpp(256) : 0xba782000 0x00004000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0xb9a32000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0xba057000 0x0000a000 "\SystemRoot\system32\drivers\NIS\1107000.00C\SRTSPX.SYS"
.\debug.cpp(256) : 0xa82aa000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xa823a000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xf76d7000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xa81dc000 0x0005e000 "\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys"
.\debug.cpp(256) : 0xa81bf000 0x0001d000 "\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys"
.\debug.cpp(256) : 0xa8140000 0x0007f000 "\SystemRoot\system32\drivers\NIS\1107000.00C\ccHPx86.sys"
.\debug.cpp(256) : 0xa8094000 0x000ac000 "\??\C:\Documents and Settings\All Users\Application
Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100709.001\BHDrvx86.sys"
.\debug.cpp(256) : 0xf7586000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c4000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xa85c5000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xf7757000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xf7a96000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf020000 0x00022000 "\SystemRoot\System32\ialmdnt5.dll"
.\debug.cpp(256) : 0xbf012000 0x0000e000 "\SystemRoot\System32\ialmrnt5.dll"
.\debug.cpp(256) : 0xbf042000 0x00035000 "\SystemRoot\System32\ialmdev5.DLL"
.\debug.cpp(256) : 0xbf077000 0x000e2000 "\SystemRoot\System32\ialmdd5.DLL"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xf776f000 0x00005000 "\SystemRoot\system32\DRIVERS\AegisP.sys"
.\debug.cpp(256) : 0xa7f44000 0x00004000 "\SystemRoot\system32\DRIVERS\s24trans.sys"
.\debug.cpp(256) : 0xa7f24000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xa7f20000 0x00003000 "\SystemRoot\system32\DRIVERS\netdevio.sys"
.\debug.cpp(256) : 0xa7bdf000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xa7ba2000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xa7ed4000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xa7853000 0x00057000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xa796a000 0x0000a000 "\SystemRoot\system32\DRIVERS\secdrv.sys"
.\debug.cpp(256) : 0xa7324000 0x00057000 "\SystemRoot\System32\Drivers\NIS\1107000.00C\SRTSP.SYS"
.\debug.cpp(256) : 0xa7110000 0x0014c000 "\??\C:\Documents and Settings\All Users\Application
Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100730.048\NAVEX15.SYS"
.\debug.cpp(256) : 0xa70fc000 0x00014000 "\??\C:\Documents and Settings\All Users\Application
Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100730.048\NAVENG.SYS"
.\debug.cpp(256) : 0xa6dc3000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0xa8734000 0x00006000 "\??\C:\DOCUME~1\Coen\LOCALS~1\Temp\mbr.sys"
.\debug.cpp(256) : 0xf781f000 0x00008000 "\??\C:\ComboFix\catchme.sys"
.\debug.cpp(256) : 0xf79a5000 0x00002000 "\??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS"
.\debug.cpp(256) : 0xa6662000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys"
.\debug.cpp(256) : 0x7c900000 0x000b8000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{7dea9d74-1031-11db-a906-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\CdRom0"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination="\Device\Ndis"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) : Destination="\Device\WUDFLpcDevice"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination="\Device\Video0"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F006E387-2555-4E5D-9BD1-F4ABCD40777C}"
.\debug.cpp(400) : Destination="\Device\{F006E387-2555-4E5D-9BD1-F4ABCD40777C}"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B76F0B0E-FB66-444A-AC06-260EDF4D52CE}"
.\debug.cpp(400) : Destination="\Device\{B76F0B0E-FB66-444A-AC06-260EDF4D52CE}"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ00#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000054"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination="\Device\0000004b"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination="\Device\Video1"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) : Destination="\Device\0000004b"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000043"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000059"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\IDE#CdRomMATSHITA_DVD-RAM_UJ-841S________________1.60____#5&226f6cf2&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-e"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination="\Device\Ip"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymEvent"
.\debug.cpp(400) : Destination="\Device\SymEvent"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination="\Device\Video2"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ01#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000055"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination="\Device\CdRom0"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination="\Device\IPSEC"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0861&SUBSYS_11791205&REV_1003#4&1e09af89&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9
223196}"
.\debug.cpp(400) : Destination="\Device\00000091"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination="\Device\Video3"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000042"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000056"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination="\Device\NDProxy"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) : Destination="\Device\ProcessManagement"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination="\Device\Video4"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"
.\debug.cpp(400) : Destination="\Device\0000004b"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"
.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\PCI#VEN_104C&DEV_803A&SUBSYS_FF101179&REV_00#4&6b16d5b&0&31F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0017"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature611CE76COffset7E00Length6FFEA9000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\IDE#CdRomMATSHITA_DVD-RAM_UJ-841S________________1.60____#5&226f6cf2&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-e"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#IMAGE#0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination="\Device\00000004"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\INTELPRO_{03136F31-C1E6-41A4-9362-FB6765CD6B98}"
.\debug.cpp(400) : Destination="\Device\INTELPRO_{03136F31-C1E6-41A4-9362-FB6765CD6B98}"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000004b"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) : Destination="\Device\0000004b"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYMDS"
.\debug.cpp(400) : Destination="\Device\SymDS"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination="\Device\00000057"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination="\Device\CompositeBattery"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature611CE76COffset6FFEB0E00Length6F90AD200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination="\Device\WMIDataDevice"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tvs"
.\debug.cpp(400) : Destination="\Device\Tvs"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0861&SUBSYS_11791205&REV_1003#4&1e09af89&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9
223196}"
.\debug.cpp(400) : Destination="\Device\00000091"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&38462492&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000079"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{7dea9d73-1031-11db-a906-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{27CFB99B-A93B-454D-B0A5-9E7554973708}"
.\debug.cpp(400) : Destination="\Device\{27CFB99B-A93B-454D-B0A5-9E7554973708}"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BASHDRVCHANNEL"
.\debug.cpp(400) : Destination="\Device\BBDrvDevice"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000004b"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&363614a3&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-3"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9ACFB046-B72C-4834-9F55-D402847F0F5E}"
.\debug.cpp(400) : Destination="\Device\{9ACFB046-B72C-4834-9F55-D402847F0F5E}"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination="\Device\NamedPipe"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c315#6&3075869&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\000000a1"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\0000004b"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&9019713&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-1"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TOSHIBA Software Modem"
.\debug.cpp(400) : Destination="\Device\00000092"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) : Destination="\Device\AgereModem5"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{54FD007C-6AEE-46E0-ABD5-ED006EC055AF}"
.\debug.cpp(400) : Destination="\Device\{54FD007C-6AEE-46E0-ABD5-ED006EC055AF}"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Lbd"
.\debug.cpp(400) : Destination="\Device\Lbd"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVEX15"
.\debug.cpp(400) : Destination="\Device\NAVEX15"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination="\Device\PSched"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24TRANS_S24TRANS_{27CFB99B-A93B-454D-B0A5-9E7554973708}"
.\debug.cpp(400) : Destination="\Device\s24trans_{27CFB99B-A93B-454D-B0A5-9E7554973708}"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\IDE#CdRomMATSHITA_DVD-RAM_UJ-841S________________1.60____#5&226f6cf2&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-e"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination="\Device\Mup"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination="\Device\IPNAT"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\PCI#VEN_8086&DEV_27C8&SUBSYS_FF101179&REV_02#3&b1bfb68&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0007"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\0000004b"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D17783D4-C68E-4400-B8F7-46C80F2ECDFA}"
.\debug.cpp(400) : Destination="\Device\{D17783D4-C68E-4400-B8F7-46C80F2ECDFA}"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{7dea9d72-1031-11db-a906-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000004b"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination="\Device\USBFDO-0"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination="\Device\Tcp"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c040#6&2f62eac5&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\000000a2"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination="\Device\VideoPdo0"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination="\Device\USBFDO-1"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000048"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IVIaspi0"
.\debug.cpp(400) : Destination="\Device\IVIaspi0"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NBSMI"
.\debug.cpp(400) : Destination="\Device\NBSMI"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination="\Device\Harddisk0\DR0"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Netdevio"
.\debug.cpp(400) : Destination="\Device\Netdevio"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination="\DosDevices\LPT1"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrvI10"
.\debug.cpp(400) : Destination="\Device\EraserUtilDrv11010"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserCtrlDrv"
.\debug.cpp(400) : Destination="\Device\EraserCtrlDrv"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination="\Device\USBFDO-2"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000046"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000004b"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\0000004b"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{AA97CC2C-DDD0-4D55-B6D6-A2B0B84AA872}"
.\debug.cpp(400) : Destination="\Device\{AA97CC2C-DDD0-4D55-B6D6-A2B0B84AA872}"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination="\Device\sysaudio"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c315#6&3075869&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\000000a1"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination="\Device\FsWrap"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination="\Device\USBFDO-3"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000047"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000004b"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000045"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination="\Device\CdRom0"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYMRDR"
.\debug.cpp(400) : Destination="\Device\SYMRDR"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&88891a4&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-4"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination="\Device\USBFDO-4"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24TRANS_S24TRANS.SYS"
.\debug.cpp(400) : Destination="\Device\S24Trans.sys"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination="\GLOBAL??"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&56f6491&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-0"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\0000005b"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVENG"
.\debug.cpp(400) : Destination="\Device\NAVENG"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Paspi0"
.\debug.cpp(400) : Destination="\Device\Paspi0"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Pcmcia0"
.\debug.cpp(400) : Destination="\Device\Pcmcia0"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSPX"
.\debug.cpp(400) : Destination="\Device\SRTSPX"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
.\debug.cpp(400) : Destination="\Device\Secdrv"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\s24trans_{27CFB99B-A93B-454D-B0A5-9E7554973708}"
.\debug.cpp(400) : Destination="\Device\s24trans_{27CFB99B-A93B-454D-B0A5-9E7554973708}"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN1902#4&38462492&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\0000007a"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\PCI#VEN_104C&DEV_803B&SUBSYS_FF101179&REV_00#4&6b16d5b&0&32F0#{2c9f2281-eb3c-11d6-80af-0001020c74d4}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0018"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0861&SUBSYS_11791205&REV_1003#4&1e09af89&0&0001#{86841137-ed8e-4d97-9975-f2ed56
b4430e}"
.\debug.cpp(400) : Destination="\Device\00000091"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\PCI#VEN_8086&DEV_1092&SUBSYS_FF101179&REV_02#4&6b16d5b&0&40F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0020"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B889371C-11FA-442D-9824-38BB2075B206}"
.\debug.cpp(400) : Destination="\Device\{B889371C-11FA-442D-9824-38BB2075B206}"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination="\Device\0000004b"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\0000004b"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination="\Device\0000004b"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\IDE#DiskTOSHIBA_MK6034GSX_______________________AH101A__#5&35291d97&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ARP1394"
.\debug.cpp(400) : Destination="\Device\ARP1394"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&f1a25fc&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-2"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"
.\debug.cpp(400) : Destination="\Device\0000004b"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\catchme"
.\debug.cpp(400) : Destination="\Device\catchme"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_c040#5&29574ba5&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination="\Device\USBPDO-6"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\PCI#VEN_8086&DEV_27CC&SUBSYS_FF101179&REV_02#3&b1bfb68&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0011"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\PCI#VEN_8086&DEV_27A2&SUBSYS_FF101179&REV_03#3&b1bfb68&0&10#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0001"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination="\Device\MountPointManager"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\PCI#VEN_8086&DEV_27CA&SUBSYS_FF101179&REV_02#3&b1bfb68&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000041"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_14#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\00000051"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"
.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination="\Device\WANARP"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\PCI#VEN_8086&DEV_27C9&SUBSYS_FF101179&REV_02#3&b1bfb68&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0008"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\PCI#VEN_8086&DEV_27A6&SUBSYS_FF101179&REV_03#3&b1bfb68&0&11#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0002"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000003"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Pavboot"
.\debug.cpp(400) : Destination="\Device\Pavboot"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0861&SUBSYS_11791205&REV_1003#4&1e09af89&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9
223196}"
.\debug.cpp(400) : Destination="\Device\00000091"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000004b"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination="\Device\NdisWanIp"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AegisP"
.\debug.cpp(400) : Destination="\Device\AegisP"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination="\Device\0000004b"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort0"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\HDAUDIO#FUNC_02&VEN_11C1&DEV_3026&SUBSYS_11790001&REV_1007#4&1e09af89&0&0101#{86e0d1e0-8089-11d0-9ce4-08003e
301f73}"
.\debug.cpp(400) : Destination="\Device\00000092"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{03136F31-C1E6-41A4-9362-FB6765CD6B98}"
.\debug.cpp(400) : Destination="\Device\{03136F31-C1E6-41A4-9362-FB6765CD6B98}"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c040#6&2f62eac5&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\000000a2"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\PCI#VEN_8086&DEV_27CB&SUBSYS_FF101179&REV_02#3&b1bfb68&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0010"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\HDAUDIO#FUNC_02&VEN_11C1&DEV_3026&SUBSYS_11790001&REV_1007#4&1e09af89&0&0101#{2c7089aa-2e0e-11d1-b114-00c04f
c2aae4}"
.\debug.cpp(400) : Destination="\Device\00000092"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3D6F8075-9BAD-4FCE-B601-FCE9F1198296}"
.\debug.cpp(400) : Destination="\Device\{3D6F8075-9BAD-4FCE-B601-FCE9F1198296}"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
.\debug.cpp(400) : Destination="\Device\1394BUS0"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYMEFA"
.\debug.cpp(400) : Destination="\Device\SYMEFA"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymIron"
.\debug.cpp(400) : Destination="\Device\SymIron"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrv11010"
.\debug.cpp(400) : Destination="\Device\EraserUtilDrv11010"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\0000004b"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000044"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\V1394#NIC1394#000080d00#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000007b"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination="\Device\ParTechInc0"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination="\Device\0000004b"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination="\Device\NdisTapi"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination="\Device\NdisWan"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymTDI"
.\debug.cpp(400) : Destination="\Device\SymTDI"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) : Destination="\Device\AscKmd"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24Trans.sys"
.\debug.cpp(400) : Destination="\Device\S24Trans.sys"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort1"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination="\Device\IPMULTICAST"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination="\Device\ParTechInc1"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination="\Device\LanmanRedirector"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\PCI#VEN_8086&DEV_4222&SUBSYS_10418086&REV_02#4&2803e7c1&0&00E2#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0021"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_14#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\00000052"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination="\Device\ParTechInc2"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_c315#5&29574ba5&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination="\Device\USBPDO-5"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination="\Device\FtControl"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\mbr"
.\debug.cpp(400) : Destination="\Device\mbr"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination="\Device\MailSlot"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSP"
.\debug.cpp(400) : Destination="\Device\SRTSP"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymIDSCo"
.\debug.cpp(400) : Destination="\Device\SymIDSCo"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SND_USER_DEVICE"
.\debug.cpp(400) : Destination="\Device\SND_USER_DEVICE"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination="\DosDevices\COM1"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination=""
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination="\Device\Null"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination="\Device\Ndisuio"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\0000004a"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AGRSM_xface"
.\debug.cpp(400) : Destination="\Device\AGRSM_xface"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
.\debug.cpp(400) : Destination="\Device\SynTP"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000049"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PROCEXP113"
.\debug.cpp(400) : Destination="\Device\PROCEXP113"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AegisP_{27CFB99B-A93B-454D-B0A5-9E7554973708}"
.\debug.cpp(400) : Destination="\Device\AegisP_{27CFB99B-A93B-454D-B0A5-9E7554973708}"
.\debug.cpp(369) : SymbolicLink
"\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0861&SUBSYS_11791205&REV_1003#4&1e09af89&0&0001#{dda54a40-1e4c-11d1-a050-405705
c10000}"
.\debug.cpp(400) : Destination="\Device\00000091"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilRebootDrv"
.\debug.cpp(400) : Destination="\Device\EraserUtilDrv11010"
.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(424) : Boot sector MD5 is: b19ee33a0168d5f0bb9afbe12e2bc035
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) : Size Device Name MBR Status
.\boot_cleaner.cpp(1153) : --------------------------------------------
.\boot_cleaner.cpp(1197) : 55 GB \\.\PhysicalDrive0 Unknown boot code
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1209) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1211) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1212) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1216) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1217) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1220) :
.\boot_cleaner.cpp(1242) : Done;
|
|
|
CoenZ
Lid
Posts: 30
Registreerde: 13-7-2010
Lid is offline
|
| Gepost op 31-7-2010 om 17:36 |
|
|
En een pop-up gehad
|
|
|
lucas
Super Moderator
Posts: 7871
Registreerde: 21-4-2006
Lid is offline
Stemming: niet te harden
|
| Gepost op 31-7-2010 om 17:40 |
|
|
Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.
@ECHO OFF
START remover.exe fix \\.\PhysicalDrive0
SHUTDOWN -r
EXIT
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: emphy.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.
Dubbelklik op emphy.bat.
Als het goed is doet de computer een herstart zo niet dan doe je het handmatig.
Na computer opstart.
Dubbelklik op remover.exe.
Post even wat er in het scherm verschijnt.
Voorkom een kater, blijf dronken
|
|
|
lucas
Super Moderator
Posts: 7871
Registreerde: 21-4-2006
Lid is offline
Stemming: niet te harden
|
| Gepost op 31-7-2010 om 17:47 |
|
|
| Quote: | origineel gepost door CoenZ
En een pop-up gehad |
We zijn ook nog niet klaar
Voorkom een kater, blijf dronken
|
|
|
CoenZ
Lid
Posts: 30
Registreerde: 13-7-2010
Lid is offline
|
| Gepost op 31-7-2010 om 17:57 |
|
|
Ik weet het niet of het er toe doet, maar ik meld het toch maar even:
Bij het opstarten van de emphy.bat kreeg ik eerst een melding dat remover.exe niet kon worden gevonden, daarna begon het aftellen tot het opnieuw
opstarten.
|
|
|
lucas
Super Moderator
Posts: 7871
Registreerde: 21-4-2006
Lid is offline
Stemming: niet te harden
|
| Gepost op 31-7-2010 om 18:11 |
|
|
Waar heb je remover.exe geplaatst
Voorkom een kater, blijf dronken
|
|
|
CoenZ
Lid
Posts: 30
Registreerde: 13-7-2010
Lid is offline
|
| Gepost op 31-7-2010 om 18:15 |
|
|
Heb ik voor de snel even in Mijn Documenten geplaatst.
Heb Ad-Aware / mbam en dergelijken al geprobeerd op mijn bureaublad te plaatsen, maar kreeg dan een error en hield er een leeg icoontje aan over dat
niet te verwijderen was "omdat het in gebruik was".
Dus sindsdien heb ik alles van hier in mijn documenten en/of program files gedaan.
|
|
|
lucas
Super Moderator
Posts: 7871
Registreerde: 21-4-2006
Lid is offline
Stemming: niet te harden
|
| Gepost op 31-7-2010 om 18:21 |
|
|
ik moet precies weten waar remover.exe is geplaatst !
Bijv C:\mapnaam\mapnaam\remover.exe
Als je met de verkenner zoekt naar remover.exe dan hier even het volledige pad heen kopieren
Voorkom een kater, blijf dronken
|
|
|
lucas
Super Moderator
Posts: 7871
Registreerde: 21-4-2006
Lid is offline
Stemming: niet te harden
|
| Gepost op 31-7-2010 om 18:25 |
|
|
PS als je in mijn documenten kijkt zie je remover.exe dan ook staan dan weet ik genoeg
Voorkom een kater, blijf dronken
|
|
|
CoenZ
Lid
Posts: 30
Registreerde: 13-7-2010
Lid is offline
|
| Gepost op 31-7-2010 om 18:25 |
|
|
In de bootkit remover map plaatsen? Of er in slepen zoals bij combofix?
Want bij laatstgenoemde krijg ik een "unknown command" berichtje.
|
|
|
lucas
Super Moderator
Posts: 7871
Registreerde: 21-4-2006
Lid is offline
Stemming: niet te harden
|
| Gepost op 31-7-2010 om 18:28 |
|
|
In welke map zie je remover.exe nu staan?????
Voorkom een kater, blijf dronken
|
|
|
| Pagina's: 1 2 |
|
|
