USB poorten

kape · 10 juni 2010

Als je dit allemaal uitgevoerd hebt, zet dan de nieuwe logjes van HijackThis en Malwarebytes eens in je volgende bericht.

STEFKE · 10 juni 2010

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:55:23, on 10/06/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Creative\Shared Files\CTDevSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, entertainment, video, sport, lifestyle, auto en nog veel meer, dat is MSN !

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O8 - Extra context menu item: &Deze pop-up blokkeren - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O15 - Trusted Zone: http://*.intranet

O15 - Trusted Zone: http://*.tucrail.be

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158400324312

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177149438343

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--

End of file - 11685 bytes

Malwarebytes' Anti-Malware 1.46

Malwarebytes

Databaseversie: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/06/2010 21:03:55

mbam-log-2010-06-10 (21-03-55).txt

Scantype: Snelle scan

Objecten gescand: 127339

Verstreken tijd: 7 minuut/minuten, 14 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

kape · 10 juni 2010

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop fsbwsys

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete fsbwsys

Druk op Enter.

Download Combofix naar je Bureaublad.

Lees hier meer over correct gebruik van Combofix.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.

Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

Dubbelklik op Combofix.exe om het te starten.
Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
Volg de instructies, aanvaard de disclaimer door op Ja te klikken.
Indien de Recovery Console niet geïnstalleerd is, wordt je gevraagd om dit alsnog te doen door op JA te klikken in het "Query - Recovery Console" venster (enkel voor XP, niet voor VISTA).
Klik op OK en Ja om automatisch de Recovery Console te laten installeren.
Klik na afloop terug op Ja om het scannen op malware te starten.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.

Post dit logje in je volgende antwoord.

STEFKE · 10 juni 2010

heb al 3 keer opnieuw de commando's ingevoerd en combofix gedownload,maar iedere keer komt Fsecure terug...

Probeer ik hem toch te laten scannen? Ik weet echt niet hoe ik die.dll files kan verwijderen...

Echt waar sorry,ik begrijp het als jullie het opgeven hoor

Jean-Pierre · 10 juni 2010

Zo snel geven we hier niet op hoor.

Probeer het anders eens in veilige modus,tijdens het opstarten op de F8 toets blijven tokkelen en dan kiezen voor veilige modus .

STEFKE · 10 juni 2010

Voor ik iets verkeerd doe 1)heb je het over de commando's intikken in veilge mode en dan normaal en opnieuw combofix downloaden.

2) veilige mode met netwerk heb ik nog nooit gedaan en kan ik dan zo opnieuw downloaden?

Uit veiligheid wacht ik op bevestiging:stupid:

kape · 10 juni 2010

In "veilige modus" met netwerk mag je zowel dat item verwijderen, als ComboFix downloaden. Indien we een log van ComboFix te zien krijgen, kunnen we uitmaken wat er nog van F-Secure is achtergebleven ?

STEFKE · 10 juni 2010

ComboFix 10-06-10.02 - Stephanie 10/06/2010 22:10:20.1.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.202 [GMT 2:00]

Running from: d:\mydocuments\Downloads\ComboFix.exe

AV: F-Secure Internet Security 2006 6.12 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

FW: F-Secure Internet Security 2006 6.12 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2010-05-10 to 2010-06-10 )))))))))))))))))))))))))))))))

.

2010-06-09 21:32 . 2010-06-09 21:32 -------- d-----w- c:\windows\system32\wbem\Repository

2010-06-09 19:46 . 2010-06-09 19:46 -------- d-----w- c:\program files\Bonjour

2010-06-09 19:46 . 2010-06-09 19:46 -------- d-----w- c:\program files\Frontura

2010-06-09 19:45 . 2010-06-09 19:46 -------- d-----w- c:\program files\LimeWire

2010-06-09 19:45 . 2010-06-09 19:46 -------- d-----w- c:\documents and settings\Stephanie\Application Data\LimeWire

2010-06-09 19:42 . 2010-06-09 19:42 -------- d-----w- c:\program files\uTorrent

2010-06-09 19:42 . 2010-06-09 19:42 -------- d-----w- c:\program files\LimeWire Plus

2010-06-09 19:39 . 2010-06-10 12:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-09 18:59 . 2010-06-09 19:37 -------- d-----w- c:\program files\RegistryBooster

2010-06-09 18:30 . 2010-06-09 18:30 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-05-12 16:38 . 2010-05-12 16:38 -------- d-----w- c:\documents and settings\Stephanie\Application Data\ispnews

2010-05-12 14:19 . 2005-11-18 15:04 70896 ----a-w- c:\windows\system32\drivers\fsdfw.sys

2010-05-12 14:19 . 2005-11-18 15:04 33584 ----a-w- c:\windows\system32\drivers\fsndis5.sys

2010-05-12 14:18 . 2010-05-12 14:18 -------- d-----w- c:\windows\rnapxs

2010-05-12 14:18 . 2010-05-12 14:18 1187840 ----a-w- c:\windows\system32\winsflt.dll

2010-05-12 14:18 . 2005-11-08 04:47 1716224 ----a-w- c:\windows\system32\winsflte.dll

2010-05-12 14:18 . 2005-11-08 04:46 1236992 ----a-w- c:\windows\system32\cfgmig32.dll

2010-05-12 14:14 . 2010-05-12 14:14 118842 ------r- c:\windows\bwUnin-6.3.2.123-4476822L.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-10 20:02 . 2009-06-05 17:43 -------- d-----w- c:\documents and settings\Stephanie\Application Data\uTorrent

2010-06-10 18:03 . 2009-06-10 10:15 -------- d-----w- c:\documents and settings\Stephanie\Application Data\HPAppData

2010-06-10 17:43 . 2009-05-20 07:37 -------- d-----w- c:\program files\F-Secure Internet Security

2010-06-09 19:42 . 2010-03-20 06:31 -------- d-----w- c:\program files\Common Files\PC Tools

2010-06-09 19:42 . 2009-12-09 20:33 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-08 12:23 . 2008-08-18 15:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-05-12 14:18 . 2009-05-20 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure

2010-05-05 06:55 . 2009-09-02 16:38 -------- d-----w- c:\documents and settings\Stephanie\Application Data\HpUpdate

2010-04-29 13:39 . 2009-05-20 11:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 13:39 . 2009-05-20 11:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-19 16:51 . 2010-04-19 16:48 23113 ----a-w- c:\windows\hpqins15.dat

2010-04-19 08:15 . 2009-06-10 09:12 -------- d-----w- c:\documents and settings\All Users\Application Data\HP

2010-04-19 08:15 . 2010-04-19 08:14 77378 ----a-w- c:\windows\hpqins05.dat

2010-03-26 08:33 . 2010-04-29 04:51 1496064 ----a-w- c:\documents and settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\7nq0pe1u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

2010-03-26 08:33 . 2010-04-29 04:51 43008 ----a-w- c:\documents and settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\7nq0pe1u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2010-03-26 08:33 . 2010-04-29 04:51 339456 ----a-w- c:\documents and settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\7nq0pe1u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2010-03-26 08:32 . 2010-04-29 04:51 346112 ----a-w- c:\documents and settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\7nq0pe1u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2010-03-20 06:44 . 2010-03-20 06:44 152576 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2010-03-20 06:43 . 2010-03-20 06:43 79488 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-05-13 12:55 . 2009-05-13 12:58 64852304 ----a-w- c:\program files\avg_free_stf_en_85_329a1515.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 401408]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-03-06 319280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 352256]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\helpdesk.TRAINING-02\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-6-29 118784]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:Dutch /KBD:2

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lancement rapide d'Adobe Acrobat.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lancement rapide d'Adobe Acrobat.lnk

backup=c:\windows\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]

2006-05-09 09:54 352256 ----a-w- c:\acer\Empowering Technology\ePower\ePower_DMC.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\JAlbum7.1\\JAlbumWin.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"427:UDP"= 427:UDP:SLP_Port(427)

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [12/05/2010 16:19 70896]

S2 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys --> c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [?]

S2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys --> c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys [?]

S2 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys --> c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [?]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/11/2007 22:22 34064]

S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]

S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]

S4 BackWeb Plug-in - 4476822;F-Secure 2006;c:\progra~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE --> c:\progra~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MDMXSDK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyServer = proxy:8080

uInternet Settings,ProxyOverride = <local>;*.local

IE: &Deze pop-up blokkeren - c:\program files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

LSP: winsflt.dll

Trusted Zone: intranet

Trusted Zone: tucrail.be

Trusted Zone: tucrail.be\extranet

FF - ProfilePath - c:\documents and settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\7nq0pe1u.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: network.proxy.ftp - proxy

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.gopher - proxy

FF - prefs.js: network.proxy.gopher_port - 8080

FF - prefs.js: network.proxy.http - proxy

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.socks - proxy

FF - prefs.js: network.proxy.socks_port - 8080

FF - prefs.js: network.proxy.ssl - proxy

FF - prefs.js: network.proxy.ssl_port - 8080

FF - prefs.js: network.proxy.type - 2

FF - component: c:\documents and settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\7nq0pe1u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll

FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-hpqSRMon - (no file)

HKLM-Run-News Service - c:\program files\F-Secure Internet Security\FSGUI\ispnews.exe

AddRemove-F-Secure Anti-Spyware - c:\program files\F-Secure Internet Security\fsuninst.exe

AddRemove-F-Secure Anti-Spyware Scanner - c:\program files\F-Secure Internet Security\fsuninst.exe

AddRemove-F-Secure Anti-Virus - c:\program files\F-Secure Internet Security\fsuninst.exe

AddRemove-F-Secure Anti-Virus Client Security Installer - c:\program files\F-Secure Internet Security\fsuninst.exe

AddRemove-F-Secure DAAS - c:\program files\F-Secure Internet Security\fsuninst.exe

AddRemove-F-Secure Diagnostics - c:\program files\F-Secure Internet Security\fsuninst.exe

AddRemove-F-Secure E-mail Scanning - c:\program files\F-Secure Internet Security\fsuninst.exe

AddRemove-F-Secure FWES - c:\program files\F-Secure Internet Security\fsuninst.exe

AddRemove-F-Secure GUI - c:\program files\F-Secure Internet Security\fsuninst.exe

AddRemove-F-Secure Help - c:\program files\F-Secure Internet Security\fsuninst.exe

AddRemove-F-Secure Internet Shield - c:\program files\F-Secure Internet Security\fsuninst.exe

AddRemove-F-Secure Management Agent - c:\program files\F-Secure Internet Security\fsuninst.exe

AddRemove-F-Secure Spam Control - c:\program files\F-Secure Internet Security\fsuninst.exe

AddRemove-F-Secure Spam Scanner - c:\program files\F-Secure Internet Security\fsuninst.exe

AddRemove-F-Secure TNB - c:\program files\F-Secure Internet Security\fsuninst.exe

AddRemove-F-Secure Web Filter - c:\program files\F-Secure Internet Security\fsuninst.exe

AddRemove-News Service - c:\program files\F-Secure Internet Security\fsuninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-06-10 22:15

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1488)

c:\windows\system32\WININET.dll

.

Completion time: 2010-06-10 22:19:00

ComboFix-quarantined-files.txt 2010-06-10 20:18

Pre-Run: 2.863.300.608 bytes free

Post-Run: 3.526.397.952 bytes free

- - End Of File - - 0248F09C4E4D454FBFB3851E3B784FA3

Goh ik hoop dat jullie er aan uit kunnen, dit was dus in Safe Mode met netwerk, maar tijdens test heeft hij toch het netwerk afgezet... Enfin nog maar eens bedankt hé

kape · 11 juni 2010

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys

c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys

c:\windows\system32\drivers\fsndis5.sys

c:\windows\system32\drivers\fsdfw.sys

c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys

c:\windows\system32\PavSRK.sys

c:\windows\system32\PavTPK.sys

c:\progra~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE

c:\program files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm

Folder::

c:\program files\F-Secure Internet Security

c:\documents and settings\All Users\Application Data\f-secure

Driver::

FSFW

F-Secure Filter

F-Secure Gatekeeper

F-Secure Recognizer

fsndis5

fsdfw

PavSRK.sys

PavTPK.sys

BackWeb Plug-in - 4476822

F-Secure 2006

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht samen met een nieuw logje van HijackThis.

Download hier CCleaner en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

STEFKE · 11 juni 2010

ComboFix 10-06-10.02 - Stephanie 11/06/2010 18:40:27.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.140 [GMT 2:00]

Running from: d:\mydocuments\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\Stephanie\Desktop\CFScript.txt

AV: F-Secure Internet Security 2006 6.12 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

FW: F-Secure Internet Security 2006 6.12 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

"c:\progra~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE"

"c:\program files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm"

"c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys"

"c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys"

"c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys"

"c:\windows\system32\drivers\fsdfw.sys"

"c:\windows\system32\drivers\fsndis5.sys"

"c:\windows\system32\PavSRK.sys"

"c:\windows\system32\PavTPK.sys"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\f-secure

c:\documents and settings\All Users\Application Data\f-secure\Daas2\acl\fsc_revoke_hq.acl

c:\documents and settings\All Users\Application Data\f-secure\Daas2\acl\fsc_root.acl

c:\documents and settings\All Users\Application Data\f-secure\Daas2\cert\fsc (revoke hq).crl

c:\documents and settings\All Users\Application Data\f-secure\logs\custom\custinstall.log

c:\documents and settings\All Users\Application Data\f-secure\logs\DAAS2\DAAS2INS.LOG

c:\documents and settings\All Users\Application Data\f-secure\logs\DAAS2\Daas2Uni.LOG

c:\documents and settings\All Users\Application Data\f-secure\logs\FSFW\action.log

c:\documents and settings\All Users\Application Data\f-secure\logs\FSMA\fsma.log

c:\documents and settings\All Users\Application Data\f-secure\logs\ilaunchr.log

c:\documents and settings\All Users\Application Data\f-secure\logs\ORSP Client\ORSPINST.LOG

c:\documents and settings\All Users\Application Data\f-secure\logs\ORSP Client\OrspUnin.LOG

c:\documents and settings\All Users\Application Data\f-secure\setup\ih8.cfg

c:\program files\F-Secure Internet Security

c:\program files\F-Secure Internet Security\Common\fpshx.dll

c:\program files\F-Secure Internet Security\Common\FSMA32.DLL

c:\program files\F-Secure Internet Security\Common\FSPMAPI.DLL

c:\windows\system32\drivers\fsdfw.sys

c:\windows\system32\drivers\fsndis5.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_BACKWEB_PLUG-IN_-_4476822

-------\Legacy_F-SECURE_FILTER

-------\Legacy_F-SECURE_GATEKEEPER

-------\Legacy_F-SECURE_RECOGNIZER

-------\Legacy_FSFW

-------\Legacy_PAVSRK.SYS

-------\Legacy_PAVTPK.SYS

-------\Service_BackWeb Plug-in - 4476822

-------\Service_F-Secure Filter

-------\Service_F-Secure Gatekeeper

-------\Service_F-Secure Recognizer

-------\Service_FSFW

-------\Service_PavSRK.sys

-------\Service_PavTPK.sys

-------\Legacy_FSDFWD

-------\Legacy_fshttps

-------\Legacy_FSMA

-------\Service_FSDFWD

-------\Service_fshttps

-------\Service_FSMA

((((((((((((((((((((((((( Files Created from 2010-05-11 to 2010-06-11 )))))))))))))))))))))))))))))))