Vraag & Antwoord

Beveiliging & privacy

veel virusameldingen .....

17 antwoorden
  • Sinds nieuwe install geeft Fsecure zeer veel virusmeldingen én zijn de bestanden op mn externe schijf niet meer benaderbaar. Mappen worden gezien alss snelkoppelinng en vervolgens Nada MBAM Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Databaseversie: 8285 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 1-12-2011 16:17:38 mbam-log-2011-12-01 (16-17-26).txt Scantype: Snelle scan Objecten gescand: 158643 Verstreken tijd: 3 minuut/minuten, 0 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 4 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 3 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Aijuju (Trojan.Agent) -> Value: Aijuju -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft DLL Registration (Backdoor.Agent) -> Value: Microsoft DLL Registration -> No action taken. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Windows Task Services (Backdoor.PWin.Gen) -> Value: Windows Task Services -> No action taken. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Windows Task Services (Backdoor.PWin.Gen) -> Value: Windows Task Services -> No action taken. Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: c:\users\.anjo\appdata\roaming\aijuju.exe (Trojan.Agent) -> No action taken. c:\users\.anjo\appdata\roaming\2af5.tmp (Trojan.Agent) -> No action taken. c:\users\.anjo\appdata\roaming\6735.tmp (Trojan.Agent) -> No action taken. HJT na reboot Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:20:18, on 1-12-2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe C:\Windows\Explorer.EXE C:\Program Files\TeamViewer\Version6\TeamViewer.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Internetbeveiliging\Common\FSM32.EXE C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Internetbeveiliging\NRS\iescript\baselitmus.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Internetbeveiliging\NRS\iescript\baselitmus.dll O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [Rocketdock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Internetbeveiliging\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Internetbeveiliging\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [Windows Task Services] C:\Users\.Anjo\AppData\Roaming\17C.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [Windows Task Services] C:\Users\.Anjo\AppData\Roaming\17C.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\Program Files\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\Program Files\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O21 - SSODL: Windows Task Services - C:\Users\.Anjo\AppData\Roaming\17C.exe - (no file) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Internetbeveiliging\Anti-Virus\fsgk32st.exe O23 - Service: Folding@home-CPU-[1] - Unknown owner - C:\Users\ANJO~1\AppData\Local\Temp\Rar$EX67.376\Folding@home-Win32-x86.exe (file missing) O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\ORSP Client\fsorsp.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- End of file - 6832 bytes Fsecure 2011-11-30T02:07:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,59201 2011-11-30T02:07:59+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:08:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,63296 2011-11-30T02:08:13+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,188.40.92.82,8332 2011-11-30T02:08:13+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,188.40.92.153,8332 2011-11-30T02:08:13+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,46.4.116.147,8332 2011-11-30T02:08:13+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,176.9.42.247,8332 2011-11-30T02:08:13+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,192.168.13.4,68 2011-11-30T02:08:13+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,255.255.255.255,67 2011-11-30T02:08:29+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:08:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,52298 2011-11-30T02:08:59+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:09:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,58311 2011-11-30T02:09:29+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:09:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,53532 2011-11-30T02:09:59+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900 2011-11-30T02:09:59+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:10:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,52702 2011-11-30T02:10:29+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:10:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,51565 2011-11-30T02:10:59+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:11:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,58279 2011-11-30T02:11:29+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:11:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,64981 2011-11-30T02:11:59+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:12:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,58071 2011-11-30T02:12:03+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,FE80::7D52:F158:4A13:3590,546 2011-11-30T02:12:03+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T02:12:29+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:12:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,57242 2011-11-30T02:12:34+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T02:13:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:13:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,49600 2011-11-30T02:13:06+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T02:13:26+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900 2011-11-30T02:13:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:13:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,55440 2011-11-30T02:14:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:14:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,51718 2011-11-30T02:14:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:14:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,65145 2011-11-30T02:15:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:15:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,52601 2011-11-30T02:15:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:15:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,57254 2011-11-30T02:16:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:16:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,62653 2011-11-30T02:16:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:16:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,65076 2011-11-30T02:17:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:17:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,61413 2011-11-30T02:17:23+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900 2011-11-30T02:17:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:17:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,59683 2011-11-30T02:18:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:18:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,63354 2011-11-30T02:18:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:18:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,60902 2011-11-30T02:19:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:19:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,50966 2011-11-30T02:19:10+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,FE80::7D52:F158:4A13:3590,546 2011-11-30T02:19:10+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T02:19:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:19:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,51366 2011-11-30T02:19:41+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T02:20:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:20:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,58930 2011-11-30T02:20:13+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T02:20:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:20:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,61877 2011-11-30T02:21:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:21:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,58452 2011-11-30T02:21:12+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900 2011-11-30T02:21:12+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,192.168.13.99,49152 2011-11-30T02:21:13+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,192.168.13.3,2869 2011-11-30T02:21:13+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,192.168.13.3,2869 2011-11-30T02:21:14+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,FE80::5D8:563:C46:5FD3,2869 2011-11-30T02:21:14+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,FE80::5D8:563:C46:5FD3,2869 2011-11-30T02:21:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:21:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,49495 2011-11-30T02:22:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:22:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,63158 2011-11-30T02:22:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:22:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,54602 2011-11-30T02:23:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:23:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,50043 2011-11-30T02:23:19+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,0.0.0.0,53982 2011-11-30T02:23:19+01:00,info,appl control,C:\Program Files\Internetbeveiliging\Common\FSHDLL32.EXE,allow,connect out,6,193.66.251.101,80 2011-11-30T02:23:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:23:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,61784 2011-11-30T02:24:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:24:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,63984 2011-11-30T02:24:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:24:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,60940 2011-11-30T02:24:47+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900 2011-11-30T02:25:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:25:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,62590 2011-11-30T02:25:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:25:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,56277 2011-11-30T02:26:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:26:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,62455 2011-11-30T02:26:17+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,FE80::7D52:F158:4A13:3590,546 2011-11-30T02:26:17+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T02:26:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:26:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,51471 2011-11-30T02:26:48+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T02:27:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:27:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,57325 2011-11-30T02:27:20+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T02:27:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:27:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,59705 2011-11-30T02:28:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:28:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,58472 2011-11-30T02:28:20+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900 2011-11-30T02:28:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:28:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,59611 2011-11-30T02:29:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:29:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,64648 2011-11-30T02:29:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:29:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,54986 2011-11-30T02:29:33+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,188.40.92.82,8332 2011-11-30T02:29:33+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,188.40.92.153,8332 2011-11-30T02:29:33+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,46.4.116.147,8332 2011-11-30T02:29:33+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,176.9.42.247,8332 2011-11-30T02:30:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:30:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,62611 2011-11-30T02:30:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:30:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,59272 2011-11-30T02:31:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:31:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,54133 2011-11-30T02:31:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:31:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,49304 2011-11-30T02:32:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:32:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,57792 2011-11-30T02:32:11+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900 2011-11-30T02:32:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:32:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,49548 2011-11-30T02:33:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:33:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,52263 2011-11-30T02:33:24+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,FE80::7D52:F158:4A13:3590,546 2011-11-30T02:33:24+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T02:33:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:33:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,61749 2011-11-30T02:33:55+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T02:34:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:34:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,63721 2011-11-30T02:34:27+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T02:34:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:34:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,55673 2011-11-30T02:35:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:35:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,63054 2011-11-30T02:35:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:35:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,59902 2011-11-30T02:36:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:36:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,56350 2011-11-30T02:36:12+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,0.0.0.0,64158 2011-11-30T02:36:12+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,0.0.0.0,51308 2011-11-30T02:36:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:36:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,62960 2011-11-30T02:37:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:37:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,64381 2011-11-30T02:37:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:37:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,50924 2011-11-30T02:38:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:38:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,49490 2011-11-30T02:38:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:38:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,64230 2011-11-30T02:39:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:39:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,54387 2011-11-30T02:39:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:39:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,59180 2011-11-30T02:39:35+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900 2011-11-30T02:40:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:40:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,58192 2011-11-30T02:40:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:40:31+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,FE80::7D52:F158:4A13:3590,546 2011-11-30T02:40:31+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T02:40:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,58553 2011-11-30T02:41:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:41:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T02:41:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,63116 2011-11-30T02:41:17+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900 2011-11-30T02:41:17+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,192.168.13.99,49152 2011-11-30T02:41:17+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,192.168.13.3,2869 2011-11-30T02:41:17+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,192.168.13.3,2869 2011-11-30T02:41:18+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,FE80::5D8:563:C46:5FD3,2869 2011-11-30T02:41:18+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,FE80::5D8:563:C46:5FD3,2869 2011-11-30T02:41:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:41:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,59285 2011-11-30T02:41:34+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T02:42:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:42:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,49803 2011-11-30T02:42:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:42:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,64167 2011-11-30T02:43:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:43:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,59443 2011-11-30T02:43:14+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900 2011-11-30T02:43:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:43:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,53335 2011-11-30T02:44:00+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:44:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,54029 2011-11-30T02:44:30+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:44:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,52450 2011-11-30T02:45:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:45:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,65336 2011-11-30T02:45:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:45:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,58223 2011-11-30T02:46:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:46:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,59427 2011-11-30T02:46:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:46:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,55463 2011-11-30T02:46:59+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900 2011-11-30T02:47:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:47:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,49301 2011-11-30T02:47:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:47:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,57866 2011-11-30T02:47:38+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,FE80::7D52:F158:4A13:3590,546 2011-11-30T02:47:38+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T02:48:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:48:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,56988 2011-11-30T02:48:09+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T02:48:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:48:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,60684 2011-11-30T02:48:41+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T02:49:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:49:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,64774 2011-11-30T02:49:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:49:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,53082 2011-11-30T02:50:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:50:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,58808 2011-11-30T02:50:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:50:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,64576 2011-11-30T02:50:53+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,188.40.92.82,8332 2011-11-30T02:50:53+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,188.40.92.153,8332 2011-11-30T02:50:53+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,46.4.116.147,8332 2011-11-30T02:50:53+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,176.9.42.247,8332 2011-11-30T02:51:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:51:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,49591 2011-11-30T02:51:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:51:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,63515 2011-11-30T02:52:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:52:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,59764 2011-11-30T02:52:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:52:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,59267 2011-11-30T02:53:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:53:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,53577 2011-11-30T02:53:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:53:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,52588 2011-11-30T02:54:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:54:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,62415 2011-11-30T02:54:23+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900 2011-11-30T02:54:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:54:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,53886 2011-11-30T02:54:45+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,FE80::7D52:F158:4A13:3590,546 2011-11-30T02:54:45+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T02:55:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:55:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,55935 2011-11-30T02:55:16+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T02:55:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:55:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,62885 2011-11-30T02:55:48+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T02:56:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:56:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,55864 2011-11-30T02:56:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:56:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,52705 2011-11-30T02:57:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:57:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,57586 2011-11-30T02:57:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:57:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,59660 2011-11-30T02:58:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:58:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,65050 2011-11-30T02:58:08+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900 2011-11-30T02:58:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:58:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,50003 2011-11-30T02:59:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:59:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,57358 2011-11-30T02:59:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T02:59:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,54918 2011-11-30T03:00:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:00:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,57636 2011-11-30T03:00:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:00:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,62379 2011-11-30T03:01:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:01:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,51391 2011-11-30T03:01:22+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900 2011-11-30T03:01:22+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,192.168.13.99,49152 2011-11-30T03:01:22+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,192.168.13.1,2869 2011-11-30T03:01:22+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,192.168.13.1,2869 2011-11-30T03:01:23+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,192.168.13.3,2869 2011-11-30T03:01:23+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,192.168.13.3,2869 2011-11-30T03:01:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:01:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,56072 2011-11-30T03:01:47+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900 2011-11-30T03:01:52+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,FE80::7D52:F158:4A13:3590,546 2011-11-30T03:01:52+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T03:02:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:02:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,53504 2011-11-30T03:02:23+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T03:02:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:02:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,55822 2011-11-30T03:02:55+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T03:03:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:03:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,64257 2011-11-30T03:03:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:03:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,55057 2011-11-30T03:04:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:04:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,63142 2011-11-30T03:04:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:04:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,62516 2011-11-30T03:05:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:05:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,51037 2011-11-30T03:05:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:05:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,58779 2011-11-30T03:06:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:06:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,52412 2011-11-30T03:06:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:06:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,51578 2011-11-30T03:07:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:07:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,58165 2011-11-30T03:07:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:07:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,60604 2011-11-30T03:08:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:08:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,53462 2011-11-30T03:08:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:08:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,63024 2011-11-30T03:08:59+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,FE80::7D52:F158:4A13:3590,546 2011-11-30T03:08:59+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T03:09:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:09:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,58068 2011-11-30T03:09:11+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900 2011-11-30T03:09:30+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T03:09:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:09:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,49436 2011-11-30T03:10:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:10:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T03:10:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,50594 2011-11-30T03:10:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:10:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,64421 2011-11-30T03:11:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:11:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,59400 2011-11-30T03:11:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:11:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,50869 2011-11-30T03:12:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:12:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,59371 2011-11-30T03:12:14+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,188.40.92.82,8332 2011-11-30T03:12:14+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,188.40.92.153,8332 2011-11-30T03:12:14+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,46.4.116.147,8332 2011-11-30T03:12:14+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\17C.exe,deny,connect out,6,176.9.42.247,8332 2011-11-30T03:12:14+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,0.0.0.0,49696 2011-11-30T03:12:14+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,192.168.13.4,68 2011-11-30T03:12:14+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,255.255.255.255,67 2011-11-30T03:12:14+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,::,58304 2011-11-30T03:12:14+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,0.0.0.0,64588 2011-11-30T03:12:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:12:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,52183 2011-11-30T03:13:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:13:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,60240 2011-11-30T03:13:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900 2011-11-30T03:13:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:13:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,49520 2011-11-30T03:14:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:14:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,50634 2011-11-30T03:14:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:14:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,57703 2011-11-30T03:15:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:15:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,50606 2011-11-30T03:15:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:15:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,53668 2011-11-30T03:16:01+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:16:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,63839 2011-11-30T03:16:06+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,FE80::7D52:F158:4A13:3590,546 2011-11-30T03:16:06+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T03:16:31+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:16:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,52909 2011-11-30T03:16:35+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900 2011-11-30T03:16:37+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T03:17:02+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:17:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,56840 2011-11-30T03:17:09+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T03:17:32+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:17:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,58213 2011-11-30T03:18:02+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:18:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,53321 2011-11-30T03:18:32+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:18:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,51811 2011-11-30T03:19:02+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:19:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,64189 2011-11-30T03:19:32+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:19:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,54211 2011-11-30T03:20:02+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:20:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,58591 2011-11-30T03:20:32+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:20:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,61306 2011-11-30T03:21:02+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:21:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,52489 2011-11-30T03:21:27+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900 2011-11-30T03:21:27+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,192.168.13.99,49152 2011-11-30T03:21:28+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,FE80::919D:78D9:BC81:DAD7,2869 2011-11-30T03:21:28+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,FE80::919D:78D9:BC81:DAD7,2869 2011-11-30T03:21:29+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,FE80::5D8:563:C46:5FD3,2869 2011-11-30T03:21:29+01:00,info,appl control,C:\Program Files\Windows Media Player\wmpnetwk.exe,allow,connect out,6,FE80::5D8:563:C46:5FD3,2869 2011-11-30T03:21:32+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:21:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,56204 2011-11-30T03:22:02+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:22:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,64874 2011-11-30T03:22:32+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:22:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,61890 2011-11-30T03:23:02+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:23:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,59566 2011-11-30T03:23:13+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,FE80::7D52:F158:4A13:3590,546 2011-11-30T03:23:13+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T03:23:20+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,0.0.0.0,54483 2011-11-30T03:23:20+01:00,info,appl control,C:\Program Files\Internetbeveiliging\Common\FSHDLL32.EXE,allow,connect out,6,193.66.251.102,80 2011-11-30T03:23:32+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:23:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,51764 2011-11-30T03:23:44+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T03:23:59+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900 2011-11-30T03:24:02+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:24:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,64604 2011-11-30T03:24:16+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T03:24:21+01:00,info,general,daemon,Policy file has been reloaded. 2011-11-30T03:24:32+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:24:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,58694 2011-11-30T03:24:56+01:00,info,general,daemon,Policy file has been reloaded. 2011-11-30T03:25:02+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:25:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,55142 2011-11-30T03:25:32+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:25:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,52352 2011-11-30T03:26:02+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:26:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,54301 2011-11-30T03:26:32+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:26:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,62132 2011-11-30T03:27:02+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:27:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,64252 2011-11-30T03:27:05+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,0.0.0.0,59182 2011-11-30T03:27:05+01:00,info,appl control,C:\Program Files\Internetbeveiliging\ORSP Client\fsorsp.exe,allow,connect out,6,217.110.97.200,80 2011-11-30T03:27:32+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:27:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,55288 2011-11-30T03:27:56+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900 2011-11-30T03:28:02+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:28:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,51588 2011-11-30T03:28:32+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:28:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,60504 2011-11-30T03:29:02+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:29:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,65044 2011-11-30T03:29:32+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:29:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,62409 2011-11-30T03:30:02+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:30:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,51248 2011-11-30T03:30:20+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,listen,17,FE80::7D52:F158:4A13:3590,546 2011-11-30T03:30:20+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T03:30:32+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:30:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,62887 2011-11-30T03:30:51+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T03:31:02+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:31:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,57370 2011-11-30T03:31:23+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FF02::1:2,547 2011-11-30T03:31:23+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,239.255.255.250,1900 2011-11-30T03:31:32+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:31:32+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,61668 2011-11-30T03:32:02+01:00,info,appl control,C:\Users\.Anjo\AppData\Roaming\regsrv64.exe,deny,connect out,6,188.72.233.119,20001 2011-11-30T03:32:02+01:00,info,appl control,C:\Windows\System32\svchost.exe,allow,send,17,FE80::5D8:563:C46:5FD3,63316
  • Als ik een map benader op de externe schijf, opent die alleen almet Reklik en "bestandslocatie Openeen Elke map laat t volgende zien [img:5092ee6c66]http://i734.photobucket.com/albums/ww342/AnjoZwartkruis/Smap.jpg[/img:5092ee6c66]
  • Hoe heb jij die nieuwe installatie gedaan? Was alle apparatuur en ook de internetkabel met jouw PC verbonden? Want wat ik uit het MBAM-log haal zijn doorgaans die meldingen die voortkomen uit het gebruik van kegens! En waarom heb je MBAM die files niet laten verwijderen?
  • Er draait als test een gekraakte Auslogics, dat klopt. :oops: Teveel betaalde programma's gehad die absoluut niet deden wat ze zeiden. Maar deze Auslogics doet wat t beloofd en wordt binnenkort braaf aangeschaft, net als mijn 9 Windows versies en Office, Nero en Fsecure betaald zijn Zoonlief heeft meen ik wel Kraagle??? erop gehad maar dat heb ik ASAP eraf gekletterd toen ik zag wat dat deed Wel een aantal films gedownload via spotplanet.org, kunnen die besmet zijn geweest?? En de inhoud van die externe mappen, ik ben bang dat daar een onbewuste knop+scroll actie de zaak vernaggeld heeft Log was voordat MBAM de zaak eraf haalde en een herstart. Inet was idd verbonden omdat MS vraagt om meteen te updaten, altijd zo gedaan
  • Auslogics Diskdefrag is gratis hoor. Waar heb jij die zogenaamde "gekraakte" dan vandaan? Alleen Boostspeed van Auslogics is te betalen! Altijd de internetverbinding kappen aleer je Windows installeert. Dat updaten gaat via een onbeveiligde verbindin en hackers weten dat ook al jaren! [b:eff8daf78a]Welk programma[/b:eff8daf78a]: ComboFix [b:eff8daf78a]Waarvoor/waarom[/b:eff8daf78a]: Zeer specialistische scanner om Windows diepgaand te onderzoeken en zo mogelijk op te schonen. [b:eff8daf78a]Moeilijkheidsgraad[/b:eff8daf78a]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed. [b:eff8daf78a]Downloadlokatie[/b:eff8daf78a]: Dit programma absoluut naar het bureaublad downloaden! [b:eff8daf78a]Download ComboFix via één van deze locaties[/b:eff8daf78a]: [list:eff8daf78a][*:eff8daf78a][url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:eff8daf78a]Bleepingcomputer[/b:eff8daf78a][/url] [*:eff8daf78a][url=http://www.forospyware.com/sUBs/ComboFix.exe][b:eff8daf78a]ForoSpyware[/b:eff8daf78a][/url] [*:eff8daf78a][url=http://subs.geekstogo.com/ComboFix.exe][b:eff8daf78a]Geekstogo[/b:eff8daf78a][/url][/list:u:eff8daf78a] [url=http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden][b:eff8daf78a]Hier[/b:eff8daf78a][/url] zie je hoe je ComboFix moet gebruiken. Antivirusprogramma en actieve malwarescanners dienen al voor de ComboFix start gedeaktiveert zijn! [url=http://www.bleepingcomputer.com/forums/topic114351.html][b:eff8daf78a]Hier[/b:eff8daf78a][/url] en [url=http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html][b:eff8daf78a]hier[/b:eff8daf78a][/url] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren. [b:eff8daf78a]Voor alle duidelijkheid nogmaals[/b:eff8daf78a]: ComboFix dient vanaf het bureaublad gestart te worden. [b:eff8daf78a]Opmerkingen[/b:eff8daf78a]: [list:eff8daf78a][*:eff8daf78a] Bij gebruik van Windows XP zal er mogelijk gevraagd worden, om de "Recovery Console" te installeren! Sta dit dan toe (hiervoor is een actieve internet verbinding vereist). [*:eff8daf78a]Vista- en Windows 7 gebruikers starten Combofix op via rechtsklik met Administratorrechten. [*:eff8daf78a]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.[/list:u:eff8daf78a] [b:eff8daf78a]ComboFix is opgestart[/b:eff8daf78a]: [list:eff8daf78a][*:eff8daf78a]Niet in het zwarte venster klikken, hierdoor kan ComboFix of zelfs Windows geheel "bevriezen"! [*:eff8daf78a]Combofix sluit tijdens de scan de internet verbinding – probeer deze tussentijds niet te herstellen! [*:eff8daf78a]Het kan voorkomen dat de computer meerdere malen opnieuw opgestart moet worden, dit is normaal. [*:eff8daf78a]Wanneer ComboFix gereed is, zal het het een logbestand voor je maken. [*:eff8daf78a]Post de inhoud van dit logbestand in je volgende bericht. [*:eff8daf78a]Indien het log niet opstart, is dit terug tevinden in C:\ComboFix.txt[/list:u:eff8daf78a] [b:eff8daf78a]Belangrijke opmerking[/b:eff8daf78a]: [list:eff8daf78a][*:eff8daf78a][b:eff8daf78a][color=Red:eff8daf78a]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:eff8daf78a][/b:eff8daf78a] [*:eff8daf78a][b:eff8daf78a][color=blue:eff8daf78a]Illegal operation attempted on a registery key that has been marked for deletion.[/color:eff8daf78a][/b:eff8daf78a] [*:eff8daf78a][b:eff8daf78a][color=Red:eff8daf78a]Start dan de computer opnieuw op.[/color:eff8daf78a][/b:eff8daf78a][/list:u:eff8daf78a]
  • Boostspeed is-meen ik via datCraglegebeuren binnengehaald. Zoonlief zit op St Maarten , kan m niet even vragen LOL ComboFix 11-12-01.01 - .Anjo 01-12-2011 18:04:28.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.3583.2525 [GMT 1:00] Gestart vanuit: c:\users\.Anjo\Desktop\ComboFix.exe AV: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17} FW: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\.Anjo\AppData\Roaming\.Anjolog.dat c:\users\.Anjo\AppData\Roaming\20EC.exe c:\users\.Anjo\AppData\Roaming\D3BB.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))) . . 2011-12-01 17:08 . 2011-12-01 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-01 15:17 . 2011-12-01 15:17 -------- d-----w- c:\program files\Trend Micro 2011-12-01 15:13 . 2011-12-01 15:13 -------- d-----w- c:\programdata\Malwarebytes 2011-12-01 15:13 . 2011-12-01 15:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-12-01 15:13 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-29 13:14 . 2011-10-18 00:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4DE2E217-1B0C-4AFB-870D-6EB87DA157AA}\mpengine.dll 2011-11-27 22:58 . 2011-11-27 22:58 -------- d-----w- c:\program files\AutoUnpack 2011-11-25 09:01 . 2011-11-25 09:02 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0 2011-11-25 09:01 . 2011-11-25 09:01 -------- d-----w- c:\program files\Microsoft SDKs 2011-11-25 09:01 . 2011-11-25 09:01 -------- d-----w- c:\program files\Common Files\Corel 2011-11-25 09:01 . 2011-11-25 09:01 -------- d-----w- c:\programdata\Corel 2011-11-25 08:58 . 2011-11-25 08:58 -------- d-----w- c:\program files\Corel 2011-11-25 08:47 . 2011-11-25 08:47 -------- d-----w- c:\programdata\Sync App Settings 2011-11-25 08:47 . 2011-11-25 08:47 -------- d-----w- c:\program files\Allway Sync 2011-11-24 14:49 . 2011-11-24 14:49 10057216 ----a-w- C:\FahCore_a4.exe 2011-11-24 14:45 . 2011-11-25 00:09 -------- d-----w- C:\work 2011-11-24 08:57 . 2011-11-24 08:57 -------- d-----w- c:\program files\Microsoft Silverlight 2011-11-23 14:04 . 2011-11-23 14:04 -------- d-----w- C:\Mijn muziek 2011-11-23 09:42 . 2011-11-23 09:42 -------- d-----w- c:\program files\PixiePack Codec Pack 2011-11-23 09:41 . 2011-11-23 09:41 -------- d-----w- c:\programdata\RapidSolution 2011-11-23 09:41 . 2011-11-23 09:41 -------- d-----w- c:\program files\RapidSolution 2011-11-22 19:29 . 2011-11-22 19:30 -------- d-----w- c:\program files\MediaMonkey 2011-11-22 19:13 . 2011-11-22 19:13 -------- d-----w- c:\program files\AnvSoft 2011-11-22 18:12 . 2011-11-22 18:19 -------- d-----w- c:\program files\Nero 2011-11-22 18:12 . 2011-11-22 18:14 -------- d-----w- c:\programdata\Nero 2011-11-22 18:12 . 2011-11-22 18:19 -------- d-----w- c:\program files\Common Files\Nero 2011-11-22 18:12 . 2011-11-22 18:12 -------- d-----w- c:\program files\Ask.com 2011-11-22 12:24 . 2011-11-22 12:24 -------- d-----w- c:\programdata\Messenger Plus! 2011-11-22 11:22 . 2011-11-22 11:22 -------- d-----w- C:\NST 2011-11-22 11:22 . 2011-11-22 11:22 -------- d-----w- c:\program files\NeoSmart Technologies 2011-11-22 10:47 . 2011-11-22 10:47 -------- d-----w- c:\program files\VideoLAN 2011-11-22 10:46 . 2011-11-22 10:46 -------- d-----w- c:\program files\Google 2011-11-22 10:45 . 2011-11-22 10:45 -------- d-----w- c:\program files\Spirent Communications 2011-11-22 10:44 . 2011-11-22 10:46 -------- d-----w- c:\program files\HTC 2011-11-22 10:44 . 2011-11-22 10:44 -------- d-----w- c:\program files\MSXML 4.0 2011-11-22 10:24 . 2011-11-22 10:41 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys 2011-11-22 10:24 . 2011-11-22 11:08 36792 ----a-w- c:\windows\system32\drivers\fses.sys 2011-11-22 10:24 . 2011-11-22 11:09 73160 ----a-w- c:\windows\system32\drivers\fsdfw.sys 2011-11-22 10:24 . 2011-11-22 11:10 -------- d-----w- c:\program files\Internetbeveiliging 2011-11-22 10:23 . 2011-11-22 10:23 -------- d-----w- c:\program files\Auslogics 2011-11-22 10:20 . 2011-11-22 10:23 -------- d-----w- c:\programdata\fssg 2011-11-22 10:19 . 2011-11-22 10:24 -------- d-----w- c:\programdata\f-secure 2011-11-22 10:14 . 2011-11-22 10:14 -------- d-----w- C:\My Music 2011-11-22 10:07 . 2011-11-22 10:07 -------- d-----w- C:\NZB Auto Import Folder 2011-11-22 10:00 . 2011-11-22 10:00 -------- d-----w- c:\program files\TeamViewer 2011-11-22 09:29 . 2011-11-22 09:29 -------- d-----w- c:\program files\Common Files\logishrd 2011-11-22 09:24 . 2011-11-22 09:24 -------- d-----w- c:\program files\Microsoft Synchronization Services 2011-11-22 09:23 . 2011-11-22 09:23 -------- d-----w- c:\windows\PCHEALTH 2011-11-22 09:23 . 2011-11-22 09:23 -------- d-----w- c:\program files\Microsoft Sync Framework 2011-11-22 09:23 . 2011-11-22 09:23 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2011-11-22 09:23 . 2011-11-22 09:23 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2011-11-22 09:22 . 2011-11-22 09:22 -------- d-----w- c:\program files\Microsoft Analysis Services 2011-11-22 09:22 . 2011-11-27 00:20 -------- d-----w- c:\programdata\Microsoft Help 2011-11-22 09:21 . 2011-11-22 09:21 -------- d-----r- C:\MSOCache 2011-11-22 09:14 . 2011-11-22 09:14 0 ----a-w- c:\windows\ativpsrm.bin 2011-11-22 09:06 . 2008-08-20 17:35 453152 ----a-w- c:\windows\system32\nvuninst.exe 2011-11-22 09:03 . 2011-11-22 09:03 -------- d-----w- c:\program files\Realtek 2011-11-22 08:25 . 2011-11-22 08:25 -------- d-----w- c:\program files\NewsLeecher 2011-11-22 08:23 . 2007-05-23 20:22 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL 2011-11-22 08:16 . 2011-11-22 08:16 -------- d-----w- c:\programdata\Innovative Solutions 2011-11-22 08:15 . 2011-11-22 08:15 -------- d-----w- c:\program files\Innovative Solutions 2011-11-22 08:11 . 2011-09-29 16:17 1303920 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-22 08:11 . 2011-09-29 16:17 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2011-11-22 08:11 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-22 08:11 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll 2011-11-22 08:11 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax 2011-11-22 08:11 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll 2011-11-22 08:11 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll 2011-11-22 08:11 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys 2011-11-22 06:18 . 2011-11-25 10:53 -------- d-----w- c:\users\.Anjo 2011-11-22 06:16 . 2011-11-22 06:16 -------- d-----w- C:\Recovery 2011-11-22 06:16 . 2011-11-22 06:16 -------- d-sh--we c:\users\Default\Sjablonen 2011-11-22 06:16 . 2011-11-22 06:16 -------- d-sh--we c:\users\Default\Netwerkprinteromgeving 2011-11-22 06:16 . 2011-11-22 06:16 -------- d-sh--we c:\users\Default\Mijn documenten 2011-11-22 06:16 . 2011-11-22 06:16 -------- d-sh--we c:\users\Default\Menu Start 2011-11-22 06:16 . 2011-11-22 06:16 -------- d-sh--we c:\users\Default\AppData\Local\Geschiedenis 2011-11-22 06:16 . 2011-11-22 06:16 -------- d-sh--we c:\programdata\Sjablonen 2011-11-22 06:16 . 2011-11-22 06:16 -------- d-sh--we c:\programdata\Menu Start 2011-11-22 06:16 . 2011-11-22 06:16 -------- d-sh--we c:\programdata\Favorieten 2011-11-22 06:16 . 2011-11-22 06:16 -------- d-sh--we c:\programdata\Documenten 2011-11-22 06:16 . 2011-11-22 06:16 -------- d-sh--we c:\programdata\Bureaublad 2011-11-21 22:42 . 2011-11-21 22:42 -------- d-----w- c:\windows\ConfigSetRoot . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-22 11:21 . 2011-08-06 15:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-03 04:06 . 2011-08-06 15:20 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-21 04:40 . 2011-11-22 08:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Rocketdock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] "F-Secure Manager"="c:\program files\Internetbeveiliging\Common\FSM32.EXE" [2009-08-05 199264] "F-Secure TNB"="c:\program files\Internetbeveiliging\FSGUI\TNBUtil.exe" [2009-08-05 2349664] "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-08-22 593920] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax] 2011-10-19 10:09 9251240 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART] 2011-10-19 10:09 9251240 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2011-03-06 08:19 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService] 2011-10-24 15:51 801792 ----a-w- c:\program files\Yuna Software\Messenger Plus!\PlusService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock] 2007-09-02 11:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464] R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-08-06 77184] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-06 1343400] S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2011-11-22 42672] S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Internetbeveiliging\HIPS\drivers\fshs.sys [2009-08-05 68064] S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-11-22 36792] S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-11-22 73160] S1 fsvista;F-Secure Vista Support Driver;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-08-06 48640] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-13 176128] S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040] S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656] S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-13 8598528] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-13 257024] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 45288] S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [2011-11-22 148632] S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Internetbeveiliging\ORSP Client\fsorsp.exe [2011-11-22 61088] S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2010-12-30 1017184] . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}] 2010-02-16 18:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl IE: &Verzenden naar OneNote - c:\program files\MICROS~2\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\program files\MICROS~2\Office14\EXCEL.EXE/3000 LSP: c:\program files\Internetbeveiliging\FSPS\program\FSLSP.DLL TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 FF - ProfilePath - c:\users\.Anjo\AppData\Roaming\Mozilla\Firefox\Profiles\uwm8kbs3.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS VERWIJDERD - - - - . HKCU-Run-Windows Task Services - c:\users\.Anjo\AppData\Roaming\17C.exe HKLM-Run-Windows Task Services - c:\users\.Anjo\AppData\Roaming\17C.exe SSODL-Windows Task Services-c:\users\.Anjo\AppData\Roaming\17C.exe - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(580) c:\program files\internetbeveiliging\hips\fshook32.dll . - - - - - - - > 'lsass.exe'(592) c:\program files\internetbeveiliging\hips\fshook32.dll . Voltooingstijd: 2011-12-01 18:09:29 ComboFix-quarantined-files.txt 2011-12-01 17:09 . Pre-Run: 285.291.601.920 bytes beschikbaar Post-Run: 285.406.130.176 bytes beschikbaar . - - End Of File - - 9B031842CFAE5447E9B5F88387038295
  • Ik vind zowel een file van ATI alsook van NVidia???????????? Zorg ervoor dat alle openstaande webbrowservensters gesloten zijn. Open een nieuw kladblok (of anders: notepad) bestand, via "Start\Alle programma’s\Bureau-accessoires\[b:6586742af9]Kladblok (of Notepad)[/b:6586742af9]". Kopieer en plak de volgende (vetgedrukte, blauwe tekst) in het lege kladblokvenstervenster [b:6586742af9][COLOR="Blue"]KILLALL:: Folder:: c:\program files\Ask.com [/COLOR][/b:6586742af9] Sla dit kladblokbestand op je bureaublad op als [b:6586742af9]CFScript.txt[/b:6586742af9]. [b:6586742af9][COLOR="Red"]Nu eerst de antivirus en eventuele spywarescanners deaktiveren![/COLOR][/b:6586742af9] Sleep CFScript.txt in ComboFix.exe [img:6586742af9]http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif[/img:6586742af9] Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt. Post het Combofix-log dat na het opnieuw starten wordt getoond via de kleurcodeerder! [b:6586742af9]Belangrijke opmerking[/b:6586742af9]: [list:6586742af9][*:6586742af9][b:6586742af9][color=#FF0000:6586742af9]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:6586742af9][/b:6586742af9] [*:6586742af9][b:6586742af9][color=#0000FF:6586742af9]Illegal operation attempted on a registery key that has been marked for deletion.[/color:6586742af9][/b:6586742af9] [*:6586742af9][b:6586742af9][color=#FF0000:6586742af9]Start dan de computer opnieuw op.[/color:6586742af9][/b:6586742af9][/list:u:6586742af9]
  • Iets geheel anders, nl. hoe komt iemand aan zoveel virussen? Dan moet je naar mijn idee toch een heleboel dingen fout doen. Veel computeraars hebben nooit een virus.
  • Snap niet wat je bedoeld met die kleurcodeerder, zie ik niet in kladblok.... ComboFix 11-12-01.02 - .Anjo 01-12-2011 19:57:15.2.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.3583.2601 [GMT 1:00] Gestart vanuit: c:\users\.Anjo\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\.Anjo\Desktop\CFScript.txt AV: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17} FW: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA} . . (((((((((((((((((((( Bestanden Gemaakt van 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))) . . 2011-12-01 15:17 . 2011-12-01 15:17 -------- d-----w- c:\program files\Trend Micro 2011-12-01 15:13 . 2011-12-01 15:13 -------- d-----w- c:\programdata\Malwarebytes 2011-12-01 15:13 . 2011-12-01 15:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-12-01 15:13 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-29 13:14 . 2011-10-18 00:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4DE2E217-1B0C-4AFB-870D-6EB87DA157AA}\mpengine.dll 2011-11-27 22:58 . 2011-11-27 22:58 -------- d-----w- c:\program files\AutoUnpack 2011-11-25 09:01 . 2011-11-25 09:02 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0 2011-11-25 09:01 . 2011-11-25 09:01 -------- d-----w- c:\program files\Microsoft SDKs 2011-11-25 09:01 . 2011-11-25 09:01 -------- d-----w- c:\program files\Common Files\Corel 2011-11-25 09:01 . 2011-11-25 09:01 -------- d-----w- c:\programdata\Corel 2011-11-25 08:58 . 2011-11-25 08:58 -------- d-----w- c:\program files\Corel 2011-11-25 08:47 . 2011-11-25 08:47 -------- d-----w- c:\programdata\Sync App Settings 2011-11-25 08:47 . 2011-11-25 08:47 -------- d-----w- c:\program files\Allway Sync 2011-11-24 14:49 . 2011-11-24 14:49 10057216 ----a-w- C:\FahCore_a4.exe 2011-11-24 14:45 . 2011-11-25 00:09 -------- d-----w- C:\work 2011-11-24 08:57 . 2011-11-24 08:57 -------- d-----w- c:\program files\Microsoft Silverlight 2011-11-23 14:04 . 2011-11-23 14:04 -------- d-----w- C:\Mijn muziek 2011-11-23 09:42 . 2011-11-23 09:42 -------- d-----w- c:\program files\PixiePack Codec Pack 2011-11-23 09:41 . 2011-11-23 09:41 -------- d-----w- c:\programdata\RapidSolution 2011-11-23 09:41 . 2011-11-23 09:41 -------- d-----w- c:\program files\RapidSolution 2011-11-22 19:29 . 2011-11-22 19:30 -------- d-----w- c:\program files\MediaMonkey 2011-11-22 19:13 . 2011-11-22 19:13 -------- d-----w- c:\program files\AnvSoft 2011-11-22 18:12 . 2011-11-22 18:19 -------- d-----w- c:\program files\Nero 2011-11-22 18:12 . 2011-11-22 18:14 -------- d-----w- c:\programdata\Nero 2011-11-22 18:12 . 2011-11-22 18:19 -------- d-----w- c:\program files\Common Files\Nero 2011-11-22 12:24 . 2011-11-22 12:24 -------- d-----w- c:\programdata\Messenger Plus! 2011-11-22 11:22 . 2011-11-22 11:22 -------- d-----w- C:\NST 2011-11-22 11:22 . 2011-11-22 11:22 -------- d-----w- c:\program files\NeoSmart Technologies 2011-11-22 10:47 . 2011-11-22 10:47 -------- d-----w- c:\program files\VideoLAN 2011-11-22 10:46 . 2011-11-22 10:46 -------- d-----w- c:\program files\Google 2011-11-22 10:45 . 2011-11-22 10:45 -------- d-----w- c:\program files\Spirent Communications 2011-11-22 10:44 . 2011-11-22 10:46 -------- d-----w- c:\program files\HTC 2011-11-22 10:44 . 2011-11-22 10:44 -------- d-----w- c:\program files\MSXML 4.0 2011-11-22 10:24 . 2011-11-22 10:41 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys 2011-11-22 10:24 . 2011-11-22 11:08 36792 ----a-w- c:\windows\system32\drivers\fses.sys 2011-11-22 10:24 . 2011-11-22 11:09 73160 ----a-w- c:\windows\system32\drivers\fsdfw.sys 2011-11-22 10:24 . 2011-11-22 11:10 -------- d-----w- c:\program files\Internetbeveiliging 2011-11-22 10:23 . 2011-11-22 10:23 -------- d-----w- c:\program files\Auslogics 2011-11-22 10:20 . 2011-11-22 10:23 -------- d-----w- c:\programdata\fssg 2011-11-22 10:19 . 2011-11-22 10:24 -------- d-----w- c:\programdata\f-secure 2011-11-22 10:14 . 2011-11-22 10:14 -------- d-----w- C:\My Music 2011-11-22 10:07 . 2011-11-22 10:07 -------- d-----w- C:\NZB Auto Import Folder 2011-11-22 10:00 . 2011-11-22 10:00 -------- d-----w- c:\program files\TeamViewer 2011-11-22 09:29 . 2011-11-22 09:29 -------- d-----w- c:\program files\Common Files\logishrd 2011-11-22 09:24 . 2011-11-22 09:24 -------- d-----w- c:\program files\Microsoft Synchronization Services 2011-11-22 09:23 . 2011-11-22 09:23 -------- d-----w- c:\windows\PCHEALTH 2011-11-22 09:23 . 2011-11-22 09:23 -------- d-----w- c:\program files\Microsoft Sync Framework 2011-11-22 09:23 . 2011-11-22 09:23 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2011-11-22 09:23 . 2011-11-22 09:23 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2011-11-22 09:22 . 2011-11-22 09:22 -------- d-----w- c:\program files\Microsoft Analysis Services 2011-11-22 09:22 . 2011-11-27 00:20 -------- d-----w- c:\programdata\Microsoft Help 2011-11-22 09:21 . 2011-11-22 09:21 -------- d-----r- C:\MSOCache 2011-11-22 09:14 . 2011-11-22 09:14 0 ----a-w- c:\windows\ativpsrm.bin 2011-11-22 09:06 . 2008-08-20 17:35 453152 ----a-w- c:\windows\system32\nvuninst.exe 2011-11-22 09:03 . 2011-11-22 09:03 -------- d-----w- c:\program files\Realtek 2011-11-22 08:25 . 2011-11-22 08:25 -------- d-----w- c:\program files\NewsLeecher 2011-11-22 08:23 . 2007-05-23 20:22 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL 2011-11-22 08:16 . 2011-11-22 08:16 -------- d-----w- c:\programdata\Innovative Solutions 2011-11-22 08:15 . 2011-11-22 08:15 -------- d-----w- c:\program files\Innovative Solutions 2011-11-22 08:11 . 2011-09-29 16:17 1303920 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-22 08:11 . 2011-09-29 16:17 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2011-11-22 08:11 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-22 08:11 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll 2011-11-22 08:11 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax 2011-11-22 08:11 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll 2011-11-22 08:11 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll 2011-11-22 08:11 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys 2011-11-22 06:18 . 2011-11-25 10:53 -------- d-----w- c:\users\.Anjo 2011-11-22 06:16 . 2011-11-22 06:16 -------- d-----w- C:\Recovery 2011-11-22 06:16 . 2011-11-22 06:16 -------- d-sh--we c:\users\Default\Sjablonen 2011-11-22 06:16 . 2011-11-22 06:16 -------- d-sh--we c:\users\Default\Netwerkprinteromgeving 2011-11-22 06:16 . 2011-11-22 06:16 -------- d-sh--we c:\users\Default\Mijn documenten 2011-11-22 06:16 . 2011-11-22 06:16 -------- d-sh--we c:\users\Default\Menu Start 2011-11-22 06:16 . 2011-11-22 06:16 -------- d-sh--we c:\users\Default\AppData\Local\Geschiedenis 2011-11-22 06:16 . 2011-11-22 06:16 -------- d-sh--we c:\programdata\Sjablonen 2011-11-22 06:16 . 2011-11-22 06:16 -------- d-sh--we c:\programdata\Menu Start 2011-11-22 06:16 . 2011-11-22 06:16 -------- d-sh--we c:\programdata\Favorieten 2011-11-22 06:16 . 2011-11-22 06:16 -------- d-sh--we c:\programdata\Documenten 2011-11-22 06:16 . 2011-11-22 06:16 -------- d-sh--we c:\programdata\Bureaublad 2011-11-21 22:42 . 2011-11-21 22:42 -------- d-----w- c:\windows\ConfigSetRoot . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-22 11:21 . 2011-08-06 15:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-03 04:06 . 2011-08-06 15:20 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-21 04:40 . 2011-11-22 08:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Rocketdock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] "F-Secure Manager"="c:\program files\Internetbeveiliging\Common\FSM32.EXE" [2009-08-05 199264] "F-Secure TNB"="c:\program files\Internetbeveiliging\FSGUI\TNBUtil.exe" [2009-08-05 2349664] "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-08-22 593920] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax] 2011-10-19 10:09 9251240 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART] 2011-10-19 10:09 9251240 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2011-03-06 08:19 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService] 2011-10-24 15:51 801792 ----a-w- c:\program files\Yuna Software\Messenger Plus!\PlusService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock] 2007-09-02 11:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464] R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-08-06 77184] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-06 1343400] S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2011-11-22 42672] S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Internetbeveiliging\HIPS\drivers\fshs.sys [2009-08-05 68064] S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-11-22 36792] S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-11-22 73160] S1 fsvista;F-Secure Vista Support Driver;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-08-06 48640] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-13 176128] S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040] S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656] S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-13 8598528] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-13 257024] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 45288] S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [2011-11-22 148632] S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Internetbeveiliging\ORSP Client\fsorsp.exe [2011-11-22 61088] S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2010-12-30 1017184] . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}] 2010-02-16 18:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl IE: &Verzenden naar OneNote - c:\program files\MICROS~2\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\program files\MICROS~2\Office14\EXCEL.EXE/3000 LSP: c:\program files\Internetbeveiliging\FSPS\program\FSLSP.DLL TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 FF - ProfilePath - c:\users\.Anjo\AppData\Roaming\Mozilla\Firefox\Profiles\uwm8kbs3.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - prefs.js: network.proxy.type - 0 . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(3768) c:\program files\RocketDock\RocketDock.dll c:\program files\Internetbeveiliging\Spam Control\fsscoepl.dll c:\program files\TeamViewer\Version6\tv_w32.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\atieclxx.exe c:\program files\Internetbeveiliging\Common\FSMA32.EXE c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files\Internetbeveiliging\Common\FSHDLL32.EXE c:\windows\system32\taskhost.exe c:\program files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe c:\program files\TeamViewer\Version6\TeamViewer.exe c:\windows\system32\conhost.exe c:\program files\Internetbeveiliging\FWES\Program\fsdfwd.exe c:\windows\system32\WUDFHost.exe c:\program files\TeamViewer\Version6\tv_w32.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Voltooingstijd: 2011-12-01 20:03:52 - machine werd herstart ComboFix-quarantined-files.txt 2011-12-01 19:03 ComboFix2.txt 2011-12-01 17:09 . Pre-Run: 285.389.373.440 bytes beschikbaar Post-Run: 285.244.633.088 bytes beschikbaar . - - End Of File - - 91BCB2B61AE3F3020225678F9D374024
  • [quote:d59be0734c="J. de Boer"]Iets geheel anders, nl. hoe komt iemand aan zoveel virussen? Dan moet je naar mijn idee toch een heleboel dingen fout doen. Veel computeraars hebben nooit een virus.[/quote:d59be0734c] Windows is geïnstalleerd met actieve internetverbinding die niet beveiligd is. Dus ook hackers kunnen dan via die verbinding toeslaan en malware meegeven!
  • @ JdeBoer Beats me, misschien omdat ik zoonlief toestemming gaf om toen hij hier een paar uur was , wat zaken te regelen. Knapen van 22 hangen niet zo aan legitiem spul zoals wij dat doen :( Ik probeer de zaken zo netjes mogelijk te runnen, maar zit niet naast een ander als hij/zij mijn PC's gebruikt. Was wel frappant dat toen hij weg was , een dag of 2 later de ellende begon....
  • Ho, Abraham er staat wel een router op Macadresfiltering aan bij de "voordeur"met daarin een actieve vuurmuur
  • Het is of, of. Want ik kan me haast niet voorstellen dat hetgeen jouw zoon heeft geflikt zoveel herrie in Windows kan veroorzaken! En: hoe oud is die router van jouw al en de ene hardware firewall is de andere niet!
  • Linksys Cisko WRT160 v2 Oude Firmware, maar updaten lukt niet. Binfile staat op mn lappie, kan m ook vinden via webpage van router, maar wil niet updaten.... Is er nog hoop of moet ik maar aan een nieuwe install gaan denken??
  • Als ik jou was geweest, had ik meteen alles opnieuw geïnstalleerd. En dan zonder internetverbinding! En behalve muis en toetsenbord, verder geen apparatuur met de PC verbonden. Overigens: Folding@Home draait weer in mijn notebook, nu in een eigen kleine partitie!
  • Dat van FAH doet me deugd ( 2e vrouw verloren aan kanker) Vanochtend diepe scan laten doen door Fsecure, alles schoon. Kan Windows Defender naast F-secure draaien, want bij install F-secure schakelde die defender niet uit, MSEssentials wél
  • Windows Defender gewoon deaktiveren, daar het tool echt de mindere is van de aktieve spywarescanner van F-Secure. Bovendien: twee van die scanners in Windows kunnen met elkaar conflicteren. En deïnstalleer ook MSE! Dat is de antivirusoplossing van MS! En ja ik vind Folding@Home belangrijk, om op die wijze mee te helpen. De problemen die ik had (twaalf folds in qeue) was schijnbaar te wijten aan het gegeven dat anderen al eerder diezelfde folds hadden ingeleverd. Want ik heb een flink aantal meldingen over dat probleem gevonden. Nu gaat het schijnbaar weer goed.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.