Many virus alerts .....

17 replies
  • Since the new install, F-Secure has been giving a great many virus alerts, and the files on my external drive can no longer be accessed.
    Folders are shown as shortcuts, and after that: nada.

    MBAM

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Databaseversie: 8285

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    1-12-2011 16:17:38
    mbam-log-2011-12-01 (16-17-26).txt

    Scantype: Snelle scan
    Objecten gescand: 158643
    Verstreken tijd: 3 minuut/minuten, 0 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 4
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 3

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Aijuju (Trojan.Agent) -> Value: Aijuju -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft DLL Registration (Backdoor.Agent) -> Value: Microsoft DLL Registration -> No action taken.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Windows Task Services (Backdoor.PWin.Gen) -> Value: Windows Task Services -> No action taken.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Windows Task Services (Backdoor.PWin.Gen) -> Value: Windows Task Services -> No action taken.

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    c:\users\.anjo\appdata\roaming\aijuju.exe (Trojan.Agent) -> No action taken.
    c:\users\.anjo\appdata\roaming\2af5.tmp (Trojan.Agent) -> No action taken.
    c:\users\.anjo\appdata\roaming\6735.tmp (Trojan.Agent) -> No action taken.


    HJT after reboot

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:20:18, on 1-12-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\TeamViewer\Version6\TeamViewer.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Internetbeveiliging\Common\FSM32.EXE
    C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Internetbeveiliging\NRS\iescript\baselitmus.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Internetbeveiliging\NRS\iescript\baselitmus.dll
    O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [Rocketdock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Internetbeveiliging\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Internetbeveiliging\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [Windows Task Services] C:\Users\.Anjo\AppData\Roaming\17C.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [Windows Task Services] C:\Users\.Anjo\AppData\Roaming\17C.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\Program Files\MICROS~2\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\Program Files\MICROS~2\Office14\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
    O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O21 - SSODL: Windows Task Services - C:\Users\.Anjo\AppData\Roaming\17C.exe - (no file)
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Internetbeveiliging\Anti-Virus\fsgk32st.exe
    O23 - Service: Folding@home-CPU-[1] - Unknown owner - C:\Users\ANJO~1\AppData\Local\Temp\Rar$EX67.376\Folding@home-Win32-x86.exe (file missing)
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\ORSP Client\fsorsp.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe


    End of file - 6832 bytes

    Fsecure

    2011-11-30T02:07:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,59201
    2011-11-30T02:07:59+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:08:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,63296
    2011-11-30T02:08:13+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,188.40.92.82,8332
    2011-11-30T02:08:13+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,188.40.92.153,8332
    2011-11-30T02:08:13+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,46.4.116.147,8332
    2011-11-30T02:08:13+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,176.9.42.247,8332
    2011-11-30T02:08:13+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,192.168.13.4,68
    2011-11-30T02:08:13+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,255.255.255.255,67
    2011-11-30T02:08:29+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:08:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,52298
    2011-11-30T02:08:59+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:09:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,58311
    2011-11-30T02:09:29+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:09:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,53532
    2011-11-30T02:09:59+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900
    2011-11-30T02:09:59+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:10:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,52702
    2011-11-30T02:10:29+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:10:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,51565
    2011-11-30T02:10:59+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:11:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,58279
    2011-11-30T02:11:29+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:11:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,64981
    2011-11-30T02:11:59+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:12:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,58071
    2011-11-30T02:12:03+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,FE80::7D52:F158:4A13:3590,546
    2011-11-30T02:12:03+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547
    2011-11-30T02:12:29+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:12:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,57242
    2011-11-30T02:12:34+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547
    2011-11-30T02:13:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:13:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,49600
    2011-11-30T02:13:06+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547
    2011-11-30T02:13:26+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900
    2011-11-30T02:13:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:13:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,55440
    2011-11-30T02:14:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:14:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,51718
    2011-11-30T02:14:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:14:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,65145
    2011-11-30T02:15:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:15:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,52601
    2011-11-30T02:15:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:15:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,57254
    2011-11-30T02:16:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:16:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,62653
    2011-11-30T02:16:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:16:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,65076
    2011-11-30T02:17:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:17:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,61413
    2011-11-30T02:17:23+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900
    2011-11-30T02:17:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:17:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,59683
    2011-11-30T02:18:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:18:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,63354
    2011-11-30T02:18:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:18:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,60902
    2011-11-30T02:19:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:19:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,50966
    2011-11-30T02:19:10+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,FE80::7D52:F158:4A13:3590,546
    2011-11-30T02:19:10+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547
    2011-11-30T02:19:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:19:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,51366
    2011-11-30T02:19:41+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547
    2011-11-30T02:20:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:20:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,58930
    2011-11-30T02:20:13+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547
    2011-11-30T02:20:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:20:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,61877
    2011-11-30T02:21:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:21:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,58452
    2011-11-30T02:21:12+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900
    2011-11-30T02:21:12+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,192.168.13.99,49152
    2011-11-30T02:21:13+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,192.168.13.3,2869
    2011-11-30T02:21:13+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,192.168.13.3,2869
    2011-11-30T02:21:14+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,FE80::5D8:563:C46:5FD3,2869
    2011-11-30T02:21:14+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,FE80::5D8:563:C46:5FD3,2869
    2011-11-30T02:21:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:21:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,49495
    2011-11-30T02:22:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:22:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,63158
    2011-11-30T02:22:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:22:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,54602
    2011-11-30T02:23:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:23:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,50043
    2011-11-30T02:23:19+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,0.0.0.0,53982
    2011-11-30T02:23:19+01:00,info,appl control,C:\Program Files\Internetbeveiliging\Common\FSHDLL32.EXE,allow,connect out,6,193.66.251.101,80
    2011-11-30T02:23:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:23:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,61784
    2011-11-30T02:24:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:24:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,63984
    2011-11-30T02:24:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:24:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,60940
    2011-11-30T02:24:47+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900
    2011-11-30T02:25:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:25:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,62590
    2011-11-30T02:25:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:25:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,56277
    2011-11-30T02:26:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:26:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,62455
    2011-11-30T02:26:17+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,FE80::7D52:F158:4A13:3590,546
    2011-11-30T02:26:17+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547
    2011-11-30T02:26:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:26:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,51471
    2011-11-30T02:26:48+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547
    2011-11-30T02:27:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:27:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,57325
    2011-11-30T02:27:20+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547
    2011-11-30T02:27:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:27:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,59705
    2011-11-30T02:28:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:28:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,58472
    2011-11-30T02:28:20+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900
    2011-11-30T02:28:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:28:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,59611
    2011-11-30T02:29:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:29:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,64648
    2011-11-30T02:29:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:29:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,54986
    2011-11-30T02:29:33+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,188.40.92.82,8332
    2011-11-30T02:29:33+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,188.40.92.153,8332
    2011-11-30T02:29:33+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,46.4.116.147,8332
    2011-11-30T02:29:33+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,176.9.42.247,8332
    2011-11-30T02:30:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:30:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,62611
    2011-11-30T02:30:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:30:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,59272
    2011-11-30T02:31:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:31:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,54133
    2011-11-30T02:31:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:31:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,49304
    2011-11-30T02:32:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:32:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,57792
    2011-11-30T02:32:11+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900
    2011-11-30T02:32:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:32:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,49548
    2011-11-30T02:33:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:33:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,52263
    2011-11-30T02:33:24+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,FE80::7D52:F158:4A13:3590,546
    2011-11-30T02:33:24+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547
    2011-11-30T02:33:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:33:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,61749
    2011-11-30T02:33:55+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547
    2011-11-30T02:34:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:34:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,63721
    2011-11-30T02:34:27+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547
    2011-11-30T02:34:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:34:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,55673
    2011-11-30T02:35:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:35:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,63054
    2011-11-30T02:35:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:35:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,59902
    2011-11-30T02:36:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:36:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,56350
    2011-11-30T02:36:12+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,0.0.0.0,64158
    2011-11-30T02:36:12+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,0.0.0.0,51308
    2011-11-30T02:36:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:36:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,62960
    2011-11-30T02:37:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T02:37:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,64381
    2011-11-30T02:37:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T03:30:20+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547
    2011-11-30T03:30:32+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T03:30:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,62887
    2011-11-30T03:30:51+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547
    2011-11-30T03:31:02+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T03:31:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,57370
    2011-11-30T03:31:23+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547
    2011-11-30T03:31:23+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900
    2011-11-30T03:31:32+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T03:31:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,61668
    2011-11-30T03:32:02+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001
    2011-11-30T03:32:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,63316
  • When I access a folder on the external drive, it only opens with a right-click and "Open file location".

    Every folder shows the following:

    http://i734.photobucket.com/albums/ww342/AnjoZwartkruis/Smap.jpg
  • How did you do that new installation?

    Was all the hardware, including the internet cable, connected to your PC?
    Because what I get from the MBAM log are the kind of detections that usually result from using keygens!
    And why didn't you let MBAM remove those files?
  • A cracked Auslogics is running as a test, that's correct.
    :oops:

    I've had too many paid programs that absolutely did not do what they claimed.
    But this Auslogics does what it promises and will be dutifully purchased soon, just as my 9 Windows versions and Office, Nero and F-Secure are paid for.
    My son did, I believe, have Kraagle??? on it, but I threw that off ASAP when I saw what it did.

    I did download a number of films via spotplanet.org; could those have been infected??

    And as for the contents of those external folders, I'm afraid an unintentional button+scroll action messed things up there.

    The log was from before MBAM removed everything and a restart.

    The internet was indeed connected because MS asks to update right away; I've always done it that way.
  • Auslogics Disk Defrag is free, you know.

    Where did you get that so-called "cracked" one from, then?

    Only BoostSpeed from Auslogics has to be paid for!

    Always cut the internet connection before you install Windows.
    That updating goes over an unsecured connection, and hackers have known that for years too!


    Which program: ComboFix
    What for/why: A highly specialised scanner to examine Windows in depth
    and clean it up where possible.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: This program must absolutely be downloaded to the desktop!
    Download ComboFix via one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    The antivirus program and active malware scanners must already be deactivated before ComboFix starts!
    Here and here you will find information on how to deactivate antivirus programs and spyware scanners.

    Once more, for the sake of clarity: ComboFix must be started from the desktop.

    Notes:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    - Vista and Windows 7 users start ComboFix via right-click with Administrator rights.
    - All open programs and web pages must be closed.
    Once ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
      Illegal operation attempted on a registry key that has been marked for deletion.
      then restart the computer.
  • BoostSpeed was, I believe, brought in via that Cragle business.
    My son is on St Maarten, so I can't just ask him LOL

    ComboFix 11-12-01.01 - .Anjo 01-12-2011 18:04:28.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.3583.2525 [GMT 1:00]
    Gestart vanuit: c:\users\.Anjo\Desktop\ComboFix.exe
    AV: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
    FW: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\.Anjo\AppData\Roaming\.Anjolog.dat
    c:\users\.Anjo\AppData\Roaming\20EC.exe
    c:\users\.Anjo\AppData\Roaming\D3BB.exe
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-11-01 to 2011-12-01 ))))))))))))))))))))))))))))))
    .
    .
    2011-12-01 17:08 . 2011-12-01 17:08 ——– d—–w- c:\users\Default\AppData\Local\temp
    2011-12-01 15:17 . 2011-12-01 15:17 ——– d—–w- c:\program files\Trend Micro
    2011-12-01 15:13 . 2011-12-01 15:13 ——– d—–w- c:\programdata\Malwarebytes
    2011-12-01 15:13 . 2011-12-01 15:13 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-01 15:13 . 2011-08-31 16:00 22216 —-a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-29 13:14 . 2011-10-18 00:28 6668624 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4DE2E217-1B0C-4AFB-870D-6EB87DA157AA}\mpengine.dll
    2011-11-27 22:58 . 2011-11-27 22:58 ——– d—–w- c:\program files\AutoUnpack
    2011-11-25 09:01 . 2011-11-25 09:02 ——– d—–w- c:\program files\Microsoft Visual Studio 9.0
    2011-11-25 09:01 . 2011-11-25 09:01 ——– d—–w- c:\program files\Microsoft SDKs
    2011-11-25 09:01 . 2011-11-25 09:01 ——– d—–w- c:\program files\Common Files\Corel
    2011-11-25 09:01 . 2011-11-25 09:01 ——– d—–w- c:\programdata\Corel
    2011-11-25 08:58 . 2011-11-25 08:58 ——– d—–w- c:\program files\Corel
    2011-11-25 08:47 . 2011-11-25 08:47 ——– d—–w- c:\programdata\Sync App Settings
    2011-11-25 08:47 . 2011-11-25 08:47 ——– d—–w- c:\program files\Allway Sync
    2011-11-24 14:49 . 2011-11-24 14:49 10057216 —-a-w- C:\FahCore_a4.exe
    2011-11-24 14:45 . 2011-11-25 00:09 ——– d—–w- C:\work
    2011-11-24 08:57 . 2011-11-24 08:57 ——– d—–w- c:\program files\Microsoft Silverlight
    2011-11-23 14:04 . 2011-11-23 14:04 ——– d—–w- C:\Mijn muziek
    2011-11-23 09:42 . 2011-11-23 09:42 ——– d—–w- c:\program files\PixiePack Codec Pack
    2011-11-23 09:41 . 2011-11-23 09:41 ——– d—–w- c:\programdata\RapidSolution
    2011-11-23 09:41 . 2011-11-23 09:41 ——– d—–w- c:\program files\RapidSolution
    2011-11-22 19:29 . 2011-11-22 19:30 ——– d—–w- c:\program files\MediaMonkey
    2011-11-22 19:13 . 2011-11-22 19:13 ——– d—–w- c:\program files\AnvSoft
    2011-11-22 18:12 . 2011-11-22 18:19 ——– d—–w- c:\program files\Nero
    2011-11-22 18:12 . 2011-11-22 18:14 ——– d—–w- c:\programdata\Nero
    2011-11-22 18:12 . 2011-11-22 18:19 ——– d—–w- c:\program files\Common Files\Nero
    2011-11-22 18:12 . 2011-11-22 18:12 ——– d—–w- c:\program files\Ask.com
    2011-11-22 12:24 . 2011-11-22 12:24 ——– d—–w- c:\programdata\Messenger Plus!
    2011-11-22 11:22 . 2011-11-22 11:22 ——– d—–w- C:\NST
    2011-11-22 11:22 . 2011-11-22 11:22 ——– d—–w- c:\program files\NeoSmart Technologies
    2011-11-22 10:47 . 2011-11-22 10:47 ——– d—–w- c:\program files\VideoLAN
    2011-11-22 10:46 . 2011-11-22 10:46 ——– d—–w- c:\program files\Google
    2011-11-22 10:45 . 2011-11-22 10:45 ——– d—–w- c:\program files\Spirent Communications
    2011-11-22 10:44 . 2011-11-22 10:46 ——– d—–w- c:\program files\HTC
    2011-11-22 10:44 . 2011-11-22 10:44 ——– d—–w- c:\program files\MSXML 4.0
    2011-11-22 10:24 . 2011-11-22 10:41 42672 —-a-w- c:\windows\system32\drivers\fsbts.sys
    2011-11-22 10:24 . 2011-11-22 11:08 36792 —-a-w- c:\windows\system32\drivers\fses.sys
    2011-11-22 10:24 . 2011-11-22 11:09 73160 —-a-w- c:\windows\system32\drivers\fsdfw.sys
    2011-11-22 10:24 . 2011-11-22 11:10 ——– d—–w- c:\program files\Internetbeveiliging
    2011-11-22 10:23 . 2011-11-22 10:23 ——– d—–w- c:\program files\Auslogics
    2011-11-22 10:20 . 2011-11-22 10:23 ——– d—–w- c:\programdata\fssg
    2011-11-22 10:19 . 2011-11-22 10:24 ——– d—–w- c:\programdata\f-secure
    2011-11-22 10:14 . 2011-11-22 10:14 ——– d—–w- C:\My Music
    2011-11-22 10:07 . 2011-11-22 10:07 ——– d—–w- C:\NZB Auto Import Folder
    2011-11-22 10:00 . 2011-11-22 10:00 ——– d—–w- c:\program files\TeamViewer
    2011-11-22 09:29 . 2011-11-22 09:29 ——– d—–w- c:\program files\Common Files\logishrd
    2011-11-22 09:24 . 2011-11-22 09:24 ——– d—–w- c:\program files\Microsoft Synchronization Services
    2011-11-22 09:23 . 2011-11-22 09:23 ——– d—–w- c:\windows\PCHEALTH
    2011-11-22 09:23 . 2011-11-22 09:23 ——– d—–w- c:\program files\Microsoft Sync Framework
    2011-11-22 09:23 . 2011-11-22 09:23 ——– d—–w- c:\program files\Microsoft SQL Server Compact Edition
    2011-11-22 09:23 . 2011-11-22 09:23 ——– d—–w- c:\program files\Microsoft Visual Studio 8
    2011-11-22 09:22 . 2011-11-22 09:22 ——– d—–w- c:\program files\Microsoft Analysis Services
    2011-11-22 09:22 . 2011-11-27 00:20 ——– d—–w- c:\programdata\Microsoft Help
    2011-11-22 09:21 . 2011-11-22 09:21 ——– d—–r- C:\MSOCache
    2011-11-22 09:14 . 2011-11-22 09:14 0 —-a-w- c:\windows\ativpsrm.bin
    2011-11-22 09:06 . 2008-08-20 17:35 453152 —-a-w- c:\windows\system32\nvuninst.exe
    2011-11-22 09:03 . 2011-11-22 09:03 ——– d—–w- c:\program files\Realtek
    2011-11-22 08:25 . 2011-11-22 08:25 ——– d—–w- c:\program files\NewsLeecher
    2011-11-22 08:23 . 2007-05-23 20:22 89600 —-a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
    2011-11-22 08:16 . 2011-11-22 08:16 ——– d—–w- c:\programdata\Innovative Solutions
    2011-11-22 08:15 . 2011-11-22 08:15 ——– d—–w- c:\program files\Innovative Solutions
    2011-11-22 08:11 . 2011-09-29 16:17 1303920 —-a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-22 08:11 . 2011-09-29 16:17 187760 —-a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2011-11-22 08:11 . 2011-10-01 04:37 708608 —-a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-22 08:11 . 2011-08-17 04:24 465408 —-a-w- c:\windows\system32\psisdecd.dll
    2011-11-22 08:11 . 2011-08-17 04:19 75776 —-a-w- c:\windows\system32\psisrndr.ax
    2011-11-22 08:11 . 2011-08-27 04:26 571904 —-a-w- c:\windows\system32\oleaut32.dll
    2011-11-22 08:11 . 2011-08-27 04:26 233472 —-a-w- c:\windows\system32\oleacc.dll
    2011-11-22 08:11 . 2011-09-29 03:37 2341888 —-a-w- c:\windows\system32\win32k.sys
    2011-11-22 06:18 . 2011-11-25 10:53 ——– d—–w- c:\users\.Anjo
    2011-11-22 06:16 . 2011-11-22 06:16 ——– d—–w- C:\Recovery
    2011-11-22 06:16 . 2011-11-22 06:16 ——– d-sh–we c:\users\Default\Sjablonen
    2011-11-22 06:16 . 2011-11-22 06:16 ——– d-sh–we c:\users\Default\Netwerkprinteromgeving
    2011-11-22 06:16 . 2011-11-22 06:16 ——– d-sh–we c:\users\Default\Mijn documenten
    2011-11-22 06:16 . 2011-11-22 06:16 ——– d-sh–we c:\users\Default\Menu Start
    2011-11-22 06:16 . 2011-11-22 06:16 ——– d-sh–we c:\users\Default\AppData\Local\Geschiedenis
    2011-11-22 06:16 . 2011-11-22 06:16 ——– d-sh–we c:\programdata\Sjablonen
    2011-11-22 06:16 . 2011-11-22 06:16 ——– d-sh–we c:\programdata\Menu Start
    2011-11-22 06:16 . 2011-11-22 06:16 ——– d-sh–we c:\programdata\Favorieten
    2011-11-22 06:16 . 2011-11-22 06:16 ——– d-sh–we c:\programdata\Documenten
    2011-11-22 06:16 . 2011-11-22 06:16 ——– d-sh–we c:\programdata\Bureaublad
    2011-11-21 22:42 . 2011-11-21 22:42 ——– d—–w- c:\windows\ConfigSetRoot
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-22 11:21 . 2011-08-06 15:16 414368 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-03 04:06 . 2011-08-06 15:20 472808 —-a-w- c:\windows\system32\deployJava1.dll
    2011-11-21 04:40 . 2011-11-22 08:12 134104 —-a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-02-04 15:50 1197448 —-a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Rocketdock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "F-Secure Manager"="c:\program files\Internetbeveiliging\Common\FSM32.EXE" [2009-08-05 199264]
    "F-Secure TNB"="c:\program files\Internetbeveiliging\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
    "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-08-22 593920]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-06-06 10:55 937920 —-a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-03-13 13:54 91520 —-a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
    2011-10-19 10:09 9251240 —-a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
    2011-10-19 10:09 9251240 —-a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2011-03-06 08:19 3872080 —-a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService]
    2011-10-24 15:51 801792 —-a-w- c:\program files\Yuna Software\Messenger Plus!\PlusService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
    2007-09-02 11:58 495616 —-a-w- c:\program files\RocketDock\RocketDock.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-08-06 77184]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-06 1343400]
    S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2011-11-22 42672]
    S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Internetbeveiliging\HIPS\drivers\fshs.sys [2009-08-05 68064]
    S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-11-22 36792]
    S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-11-22 73160]
    S1 fsvista;F-Secure Vista Support Driver;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-08-06 48640]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-13 176128]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
    S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-13 8598528]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-13 257024]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 45288]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [2011-11-22 148632]
    S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Internetbeveiliging\ORSP Client\fsorsp.exe [2011-11-22 61088]
    S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2010-12-30 1017184]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
    2010-02-16 18:02 114688 —-a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.nl
    IE: &Verzenden naar OneNote - c:\program files\MICROS~2\Office14\ONBttnIE.dll/105
    IE: E&xporteren naar Microsoft Excel - c:\program files\MICROS~2\Office14\EXCEL.EXE/3000
    LSP: c:\program files\Internetbeveiliging\FSPS\program\FSLSP.DLL
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
    FF - ProfilePath - c:\users\.Anjo\AppData\Roaming\Mozilla\Firefox\Profiles\uwm8kbs3.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    HKCU-Run-Windows Task Services - c:\users\.Anjo\AppData\Roaming\17C.exe
    HKLM-Run-Windows Task Services - c:\users\.Anjo\AppData\Roaming\17C.exe
    SSODL-Windows Task Services-c:\users\.Anjo\AppData\Roaming\17C.exe - (no file)
    .
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————
    .
    - - - - - - - > 'winlogon.exe'(580)
    c:\program files\internetbeveiliging\hips\fshook32.dll
    .
    - - - - - - - > 'lsass.exe'(592)
    c:\program files\internetbeveiliging\hips\fshook32.dll
    .
    Voltooingstijd: 2011-12-01 18:09:29
    ComboFix-quarantined-files.txt 2011-12-01 17:09
    .
    Pre-Run: 285.291.601.920 bytes beschikbaar
    Post-Run: 285.406.130.176 bytes beschikbaar
    .
    - - End Of File - - 9B031842CFAE5447E9B5F88387038295
  • I find a file from ATI as well as one from NVidia????????????

    Make sure all open web browser windows are closed.
    Open a new Kladblok (Notepad) file via "Start\Alle programma’s\Bureau-accessoires\Kladblok (or Notepad)".

    Copy and paste the following (bold, blue) text into the empty Notepad window:


    KILLALL::

    Folder::
    c:\program files\Ask.com


    Save this Notepad file to your desktop as CFScript.txt.

    Now first deactivate the antivirus and any spyware scanners!


    Drag CFScript.txt into ComboFix.exe


    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

    This will make ComboFix restart. Reboot if asked to.


    Post the ComboFix log that is shown after the restart, using the colour coder!


    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
      Illegal operation attempted on a registry key that has been marked for deletion.
      then restart the computer.
  • Something completely different, namely: how does someone end up with so many viruses? In my opinion you must be doing a whole lot of things wrong. Many computer users never get a virus.
  • I don't understand what you mean by that colour coder; I don't see it in Notepad….
    ComboFix 11-12-01.02 - .Anjo 01-12-2011 19:57:15.2.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.3583.2601 [GMT 1:00]
    Gestart vanuit: c:\users\.Anjo\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\.Anjo\Desktop\CFScript.txt
    AV: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
    FW: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-11-01 to 2011-12-01 ))))))))))))))))))))))))))))))
    .
    .
    2011-12-01 15:17 . 2011-12-01 15:17 ——– d—–w- c:\program files\Trend Micro
    2011-12-01 15:13 . 2011-12-01 15:13 ——– d—–w- c:\programdata\Malwarebytes
    2011-12-01 15:13 . 2011-12-01 15:13 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-01 15:13 . 2011-08-31 16:00 22216 —-a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-29 13:14 . 2011-10-18 00:28 6668624 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4DE2E217-1B0C-4AFB-870D-6EB87DA157AA}\mpengine.dll
    2011-11-27 22:58 . 2011-11-27 22:58 ——– d—–w- c:\program files\AutoUnpack
    2011-11-25 09:01 . 2011-11-25 09:02 ——– d—–w- c:\program files\Microsoft Visual Studio 9.0
    2011-11-25 09:01 . 2011-11-25 09:01 ——– d—–w- c:\program files\Microsoft SDKs
    2011-11-25 09:01 . 2011-11-25 09:01 ——– d—–w- c:\program files\Common Files\Corel
    2011-11-25 09:01 . 2011-11-25 09:01 ——– d—–w- c:\programdata\Corel
    2011-11-25 08:58 . 2011-11-25 08:58 ——– d—–w- c:\program files\Corel
    2011-11-25 08:47 . 2011-11-25 08:47 ——– d—–w- c:\programdata\Sync App Settings
    2011-11-25 08:47 . 2011-11-25 08:47 ——– d—–w- c:\program files\Allway Sync
    2011-11-24 14:49 . 2011-11-24 14:49 10057216 —-a-w- C:\FahCore_a4.exe
    2011-11-24 14:45 . 2011-11-25 00:09 ——– d—–w- C:\work
    2011-11-24 08:57 . 2011-11-24 08:57 ——– d—–w- c:\program files\Microsoft Silverlight
    2011-11-23 14:04 . 2011-11-23 14:04 ——– d—–w- C:\Mijn muziek
    2011-11-23 09:42 . 2011-11-23 09:42 ——– d—–w- c:\program files\PixiePack Codec Pack
    2011-11-23 09:41 . 2011-11-23 09:41 ——– d—–w- c:\programdata\RapidSolution
    2011-11-23 09:41 . 2011-11-23 09:41 ——– d—–w- c:\program files\RapidSolution
    2011-11-22 19:29 . 2011-11-22 19:30 ——– d—–w- c:\program files\MediaMonkey
    2011-11-22 19:13 . 2011-11-22 19:13 ——– d—–w- c:\program files\AnvSoft
    2011-11-22 18:12 . 2011-11-22 18:19 ——– d—–w- c:\program files\Nero
    2011-11-22 18:12 . 2011-11-22 18:14 ——– d—–w- c:\programdata\Nero
    2011-11-22 18:12 . 2011-11-22 18:19 ——– d—–w- c:\program files\Common Files\Nero
    2011-11-22 12:24 . 2011-11-22 12:24 ——– d—–w- c:\programdata\Messenger Plus!
    2011-11-22 11:22 . 2011-11-22 11:22 ——– d—–w- C:\NST
    2011-11-22 11:22 . 2011-11-22 11:22 ——– d—–w- c:\program files\NeoSmart Technologies
    2011-11-22 10:47 . 2011-11-22 10:47 ——– d—–w- c:\program files\VideoLAN
    2011-11-22 10:46 . 2011-11-22 10:46 ——– d—–w- c:\program files\Google
    2011-11-22 10:45 . 2011-11-22 10:45 ——– d—–w- c:\program files\Spirent Communications
    2011-11-22 10:44 . 2011-11-22 10:46 ——– d—–w- c:\program files\HTC
    2011-11-22 10:44 . 2011-11-22 10:44 ——– d—–w- c:\program files\MSXML 4.0
    2011-11-22 10:24 . 2011-11-22 10:41 42672 —-a-w- c:\windows\system32\drivers\fsbts.sys
    2011-11-22 10:24 . 2011-11-22 11:08 36792 —-a-w- c:\windows\system32\drivers\fses.sys
    2011-11-22 10:24 . 2011-11-22 11:09 73160 —-a-w- c:\windows\system32\drivers\fsdfw.sys
    2011-11-22 10:24 . 2011-11-22 11:10 ——– d—–w- c:\program files\Internetbeveiliging
    2011-11-22 10:23 . 2011-11-22 10:23 ——– d—–w- c:\program files\Auslogics
    2011-11-22 10:20 . 2011-11-22 10:23 ——– d—–w- c:\programdata\fssg
    2011-11-22 10:19 . 2011-11-22 10:24 ——– d—–w- c:\programdata\f-secure
    2011-11-22 10:14 . 2011-11-22 10:14 ——– d—–w- C:\My Music
    2011-11-22 10:07 . 2011-11-22 10:07 ——– d—–w- C:\NZB Auto Import Folder
    2011-11-22 10:00 . 2011-11-22 10:00 ——– d—–w- c:\program files\TeamViewer
    2011-11-22 09:29 . 2011-11-22 09:29 ——– d—–w- c:\program files\Common Files\logishrd
    2011-11-22 09:24 . 2011-11-22 09:24 ——– d—–w- c:\program files\Microsoft Synchronization Services
    2011-11-22 09:23 . 2011-11-22 09:23 ——– d—–w- c:\windows\PCHEALTH
    2011-11-22 09:23 . 2011-11-22 09:23 ——– d—–w- c:\program files\Microsoft Sync Framework
    2011-11-22 09:23 . 2011-11-22 09:23 ——– d—–w- c:\program files\Microsoft SQL Server Compact Edition
    2011-11-22 09:23 . 2011-11-22 09:23 ——– d—–w- c:\program files\Microsoft Visual Studio 8
    2011-11-22 09:22 . 2011-11-22 09:22 ——– d—–w- c:\program files\Microsoft Analysis Services
    2011-11-22 09:22 . 2011-11-27 00:20 ——– d—–w- c:\programdata\Microsoft Help
    2011-11-22 09:21 . 2011-11-22 09:21 ——– d—–r- C:\MSOCache
    2011-11-22 09:14 . 2011-11-22 09:14 0 —-a-w- c:\windows\ativpsrm.bin
    2011-11-22 09:06 . 2008-08-20 17:35 453152 —-a-w- c:\windows\system32\nvuninst.exe
    2011-11-22 09:03 . 2011-11-22 09:03 ——– d—–w- c:\program files\Realtek
    2011-11-22 08:25 . 2011-11-22 08:25 ——– d—–w- c:\program files\NewsLeecher
    2011-11-22 08:23 . 2007-05-23 20:22 89600 —-a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
    2011-11-22 08:16 . 2011-11-22 08:16 ——– d—–w- c:\programdata\Innovative Solutions
    2011-11-22 08:15 . 2011-11-22 08:15 ——– d—–w- c:\program files\Innovative Solutions
    2011-11-22 08:11 . 2011-09-29 16:17 1303920 —-a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-22 08:11 . 2011-09-29 16:17 187760 —-a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2011-11-22 08:11 . 2011-10-01 04:37 708608 —-a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-22 08:11 . 2011-08-17 04:24 465408 —-a-w- c:\windows\system32\psisdecd.dll
    2011-11-22 08:11 . 2011-08-17 04:19 75776 —-a-w- c:\windows\system32\psisrndr.ax
    2011-11-22 08:11 . 2011-08-27 04:26 571904 —-a-w- c:\windows\system32\oleaut32.dll
    2011-11-22 08:11 . 2011-08-27 04:26 233472 —-a-w- c:\windows\system32\oleacc.dll
    2011-11-22 08:11 . 2011-09-29 03:37 2341888 —-a-w- c:\windows\system32\win32k.sys
    2011-11-22 06:18 . 2011-11-25 10:53 ——– d—–w- c:\users\.Anjo
    2011-11-22 06:16 . 2011-11-22 06:16 ——– d—–w- C:\Recovery
    2011-11-22 06:16 . 2011-11-22 06:16 ——– d-sh–we c:\users\Default\Sjablonen
    2011-11-22 06:16 . 2011-11-22 06:16 ——– d-sh–we c:\users\Default\Netwerkprinteromgeving
    2011-11-22 06:16 . 2011-11-22 06:16 ——– d-sh–we c:\users\Default\Mijn documenten
    2011-11-22 06:16 . 2011-11-22 06:16 ——– d-sh–we c:\users\Default\Menu Start
    2011-11-22 06:16 . 2011-11-22 06:16 ——– d-sh–we c:\users\Default\AppData\Local\Geschiedenis
    2011-11-22 06:16 . 2011-11-22 06:16 ——– d-sh–we c:\programdata\Sjablonen
    2011-11-22 06:16 . 2011-11-22 06:16 ——– d-sh–we c:\programdata\Menu Start
    2011-11-22 06:16 . 2011-11-22 06:16 ——– d-sh–we c:\programdata\Favorieten
    2011-11-22 06:16 . 2011-11-22 06:16 ——– d-sh–we c:\programdata\Documenten
    2011-11-22 06:16 . 2011-11-22 06:16 ——– d-sh–we c:\programdata\Bureaublad
    2011-11-21 22:42 . 2011-11-21 22:42 ——– d—–w- c:\windows\ConfigSetRoot
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-22 11:21 . 2011-08-06 15:16 414368 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-03 04:06 . 2011-08-06 15:20 472808 —-a-w- c:\windows\system32\deployJava1.dll
    2011-11-21 04:40 . 2011-11-22 08:12 134104 —-a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Rocketdock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "F-Secure Manager"="c:\program files\Internetbeveiliging\Common\FSM32.EXE" [2009-08-05 199264]
    "F-Secure TNB"="c:\program files\Internetbeveiliging\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
    "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-08-22 593920]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-06-06 10:55 937920 —-a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-03-13 13:54 91520 —-a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
    2011-10-19 10:09 9251240 —-a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
    2011-10-19 10:09 9251240 —-a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2011-03-06 08:19 3872080 —-a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService]
    2011-10-24 15:51 801792 —-a-w- c:\program files\Yuna Software\Messenger Plus!\PlusService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
    2007-09-02 11:58 495616 —-a-w- c:\program files\RocketDock\RocketDock.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-08-06 77184]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-06 1343400]
    S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2011-11-22 42672]
    S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Internetbeveiliging\HIPS\drivers\fshs.sys [2009-08-05 68064]
    S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-11-22 36792]
    S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-11-22 73160]
    S1 fsvista;F-Secure Vista Support Driver;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-08-06 48640]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-13 176128]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
    S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-13 8598528]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-13 257024]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 45288]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [2011-11-22 148632]
    S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Internetbeveiliging\ORSP Client\fsorsp.exe [2011-11-22 61088]
    S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2010-12-30 1017184]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
    2010-02-16 18:02 114688 —-a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.nl
    IE: &Verzenden naar OneNote - c:\program files\MICROS~2\Office14\ONBttnIE.dll/105
    IE: E&xporteren naar Microsoft Excel - c:\program files\MICROS~2\Office14\EXCEL.EXE/3000
    LSP: c:\program files\Internetbeveiliging\FSPS\program\FSLSP.DLL
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
    FF - ProfilePath - c:\users\.Anjo\AppData\Roaming\Mozilla\Firefox\Profiles\uwm8kbs3.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - prefs.js: network.proxy.type - 0
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————
    .
    - - - - - - - > 'Explorer.exe'(3768)
    c:\program files\RocketDock\RocketDock.dll
    c:\program files\Internetbeveiliging\Spam Control\fsscoepl.dll
    c:\program files\TeamViewer\Version6\tv_w32.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\windows\system32\atieclxx.exe
    c:\program files\Internetbeveiliging\Common\FSMA32.EXE
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files\Internetbeveiliging\Common\FSHDLL32.EXE
    c:\windows\system32\taskhost.exe
    c:\program files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
    c:\program files\TeamViewer\Version6\TeamViewer.exe
    c:\windows\system32\conhost.exe
    c:\program files\Internetbeveiliging\FWES\Program\fsdfwd.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\TeamViewer\Version6\tv_w32.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-12-01 20:03:52 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-12-01 19:03
    ComboFix2.txt 2011-12-01 17:09
    .
    Pre-Run: 285.389.373.440 bytes beschikbaar
    Post-Run: 285.244.633.088 bytes beschikbaar
    .
    - - End Of File - - 91BCB2B61AE3F3020225678F9D374024
  • J. de Boer wrote: "Something entirely different, namely: how does someone end up with so many viruses? In my view you must be doing a whole lot of things wrong. Many computer users never get a virus."

    Windows was installed with an active internet connection that is not secured.
    So hackers, too, can strike via that connection and deliver malware along with it!
  • @ JdeBoer

    Beats me, maybe because I gave my son permission to sort out a few things while he was here for a couple of hours.
    Lads of 22 are not as attached to legitimate stuff as we are :(
    I try to run things as cleanly as possible, but I don't sit next to someone else when he/she uses my PCs.
    It was striking, though, that the trouble began a day or two after he had left….
  • Hold on, Abraham,
    there is a router with MAC address filtering enabled at the "front door", with an active firewall in it.
  • It is either one or the other.
    Because I can hardly imagine that whatever your son got up to could cause so much trouble in Windows!

    And: how old is that router of yours by now? And one hardware firewall is not the same as another!
  • Linksys Cisco WRT160 v2

    Old firmware, but updating does not work.
    The bin file is on my laptop, and I can also find it via the router's web page, but it won't update….

    Is there still hope, or should I start thinking about a fresh install??
  • If I had been you, I would have reinstalled everything straight away.
    And without an internet connection!
    And apart from mouse and keyboard, no other devices connected to the PC.

    By the way: Folding@Home is running on my notebook again, now in its own small partition!
  • Glad to hear that about FAH (lost my 2nd wife to cancer).
    Had F-Secure run a deep scan this morning; everything clean.
    Can Windows Defender run alongside F-Secure? During installation F-Secure did not switch Defender off, but it did switch off MSEssentials.
  • Just deactivate Windows Defender, since that tool really is inferior to F-Secure's active spyware scanner.

    Moreover: two such scanners in Windows can conflict with each other.

    And uninstall MSE as well!
    That is MS's antivirus solution!


    And yes, I consider Folding@Home important, to help out in that way.
    The problems I had (twelve folds in queue) were apparently due to the fact that others had already submitted those same folds earlier.
    Because I found quite a number of reports about that problem.
    It now seems to be going well again.
