|
Log-Analyse und Auswertung: Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfindWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
17.03.2014, 12:55 | #1 |
| Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind Guten Tag, ich benötige Profihilfe, habe bereits alles versucht. Hier meine logfiles: defogger: Log created at 12:29 on 17/03/2014 (Wes) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- frst: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Wes (administrator) on WES-PC on 17-03-2014 12:32:48 Running from C:\Users\Wes\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 7 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (COMODO) C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Emsi Software GmbH) C:\Program Files\a-squared Free\a2service.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe () C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\system32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [ISW] - [X] HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-01-06] () HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter Startup: C:\Users\Wes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bing.com HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit) BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.) Toolbar: HKLM - MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.) Toolbar: HKLM - HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll No File Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default FF DefaultSearchEngine: StartWeb FF SelectedSearchEngine: StartWeb FF Homepage: https://www.google.de/ FF NetworkProxy: "ftp", "46.22.173.9" FF NetworkProxy: "ftp_port", 3128 FF NetworkProxy: "http", "46.22.173.9" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "46.22.173.9" FF NetworkProxy: "socks_port", 3128 FF NetworkProxy: "ssl", "46.22.173.9" FF NetworkProxy: "ssl_port", 3128 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: HDvid-Codec V9.0 - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com [2014-03-08] FF Extension: DownloadHelper - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-27] FF Extension: Stealthy - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\stealthyextension@gmail.com.xpi [2011-08-31] FF Extension: GrabRez - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\{0602868e-3e6e-4d93-81e8-5b2290f620ba}.xpi [2014-03-05] FF Extension: Adblock Plus - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-28] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{1DA0528B-1DD8-4167-BFAF-E0EF94939F93}] - C:\Program Files\Comodo\HopSurfToolbar\hopsurfext_ff3_5 FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker ========================== Services (Whitelisted) ================= R2 a2free; C:\Program Files\a-squared Free\a2service.exe [719392 2009-07-13] (Emsi Software GmbH) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG) R2 CLPSLS; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe [148744 2010-02-19] (COMODO) S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-03-17] (IObit) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] () S2 IswSvc; "C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe" [X] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-02-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-14] (Avira Operations GmbH & Co. KG) S3 cpuz129; C:\Program Files\PC Wizard 2008\pcwiz32.sys [9600 2008-01-25] (Windows (R) Codename Longhorn DDK provider) R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-09-12] (SAMSUNG ELECTRONICS CO., LTD.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-14] (Avira GmbH) R1 tStLibG; C:\Windows\System32\drivers\tStLibG.sys [55224 2014-03-02] (StdLib) R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [242048 2008-06-05] (Vimicro Corporation) S3 cpuz132; \??\C:\Users\Wes\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X] S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S2 ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 vsdatant7; System32\drivers\vsdatant.win7.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-17 12:32 - 2014-03-17 12:32 - 01145856 _____ (Farbar) C:\Users\Wes\Desktop\FRST.exe 2014-03-17 12:32 - 2014-03-17 12:32 - 00013085 _____ () C:\Users\Wes\Desktop\FRST.txt 2014-03-17 12:29 - 2014-03-17 12:30 - 00000468 _____ () C:\Users\Wes\Desktop\defogger_disable.log 2014-03-17 12:29 - 2014-03-17 12:29 - 00000000 _____ () C:\Users\Wes\defogger_reenable 2014-03-17 12:28 - 2014-03-17 12:28 - 00050477 _____ () C:\Users\Wes\Desktop\Defogger.exe 2014-03-17 11:43 - 2014-02-13 14:32 - 00000426 _____ () C:\AVScanner.ini 2014-03-17 11:35 - 2014-03-17 11:35 - 01950720 _____ () C:\Users\Wes\Desktop\adwcleaner_3.022.exe 2014-03-17 04:24 - 2014-03-17 04:24 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\arkill.exe 2014-03-17 04:11 - 2014-03-17 11:41 - 00000000 ____D () C:\ProgramData\IObit 2014-03-17 04:11 - 2014-03-17 04:11 - 00001045 _____ () C:\Users\Wes\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2014-03-17 04:11 - 2014-03-17 04:11 - 00001021 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk 2014-03-17 04:11 - 2014-03-17 04:11 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\ProductData 2014-03-17 04:10 - 2014-03-17 04:11 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\IObit 2014-03-17 04:10 - 2014-03-17 04:11 - 00000000 ____D () C:\ProgramData\ProductData 2014-03-17 04:10 - 2014-03-17 04:11 - 00000000 ____D () C:\Program Files\IObit 2014-03-17 04:10 - 2014-03-17 04:10 - 12569408 _____ (IObit) C:\Users\Wes\Desktop\iobituninstaller_3.2.0.128.exe 2014-03-17 04:06 - 2014-03-17 04:06 - 00001802 _____ () C:\sc-cleaner.txt 2014-03-17 04:05 - 2014-03-17 04:05 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\sc-cleaner.exe 2014-03-17 03:50 - 2014-03-17 03:50 - 00000000 ____D () C:\Windows\ERUNT 2014-03-17 03:49 - 2014-03-17 03:49 - 01037734 _____ (Thisisu) C:\Users\Wes\Desktop\JRT.exe 2014-03-17 03:38 - 2014-03-17 03:38 - 00016372 _____ () C:\Users\Wes\Desktop\E4K+_CHd.htm 2014-03-17 03:33 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140317-033333.backup 2014-03-17 03:32 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140317-033248.backup 2014-03-13 01:12 - 2014-03-17 11:56 - 00000000 ____D () C:\AdwCleaner 2014-03-13 00:43 - 2014-03-17 12:32 - 00000000 ____D () C:\FRST 2014-03-12 04:02 - 2014-03-12 04:02 - 25578720 _____ (Microsoft Corporation) C:\Users\Wes\Desktop\Windows-KB890830-V5.10.exe 2014-03-12 03:21 - 2014-03-12 03:24 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-12 03:18 - 2014-03-12 03:18 - 00274502 _____ () C:\Windows\msxml4-KB954430-enu.LOG 2014-03-12 03:17 - 2014-03-12 03:17 - 00281462 _____ () C:\Windows\msxml4-KB973688-enu.LOG 2014-03-12 03:17 - 2014-03-12 03:17 - 00000000 ____D () C:\Program Files\MSXML 4.0 2014-03-12 03:14 - 2011-07-06 15:56 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2014-03-12 03:14 - 2011-06-02 13:59 - 02042368 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-12 03:14 - 2011-05-02 16:58 - 00738816 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-03-12 03:14 - 2011-04-29 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2014-03-12 03:14 - 2011-04-29 13:49 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2014-03-12 03:14 - 2011-04-29 13:49 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2014-03-12 03:14 - 2011-04-29 13:49 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2014-03-12 03:14 - 2011-04-21 14:16 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-03-12 03:14 - 2011-04-20 15:47 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2014-03-12 03:14 - 2011-04-20 15:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2014-03-12 03:14 - 2011-04-14 15:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys 2014-03-12 03:14 - 2010-12-20 16:39 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-03-12 03:13 - 2011-04-29 15:54 - 00276992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-03-06 00:13 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140306-001303.backup 2014-03-05 04:51 - 2014-03-05 04:51 - 00613200 _____ (Chip Digital GmbH) C:\Users\Wes\Desktop\AdwCleaner - CHIP-Downloader.exe 2014-03-05 04:16 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140305-041616.backup 2014-03-02 01:42 - 2014-03-02 01:42 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\tStLibG.sys 2014-02-24 14:21 - 2014-02-24 14:21 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\Avira 2014-02-24 14:15 - 2014-02-24 14:15 - 00001847 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\ProgramData\Avira 2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\Program Files\Avira 2014-02-24 14:15 - 2014-02-14 11:00 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-02-24 14:15 - 2014-02-14 11:00 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-02-24 14:15 - 2014-02-14 11:00 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-02-24 14:15 - 2014-02-14 11:00 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2014-02-15 00:39 - 2014-02-15 00:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-03-17 12:33 - 2014-03-17 12:32 - 00013085 _____ () C:\Users\Wes\Desktop\FRST.txt 2014-03-17 12:32 - 2014-03-17 12:32 - 01145856 _____ (Farbar) C:\Users\Wes\Desktop\FRST.exe 2014-03-17 12:32 - 2014-03-13 00:43 - 00000000 ____D () C:\FRST 2014-03-17 12:30 - 2014-03-17 12:29 - 00000468 _____ () C:\Users\Wes\Desktop\defogger_disable.log 2014-03-17 12:29 - 2014-03-17 12:29 - 00000000 _____ () C:\Users\Wes\defogger_reenable 2014-03-17 12:29 - 2009-02-04 12:00 - 00000000 ____D () C:\Users\Wes 2014-03-17 12:28 - 2014-03-17 12:28 - 00050477 _____ () C:\Users\Wes\Desktop\Defogger.exe 2014-03-17 11:58 - 2009-01-17 00:30 - 00136265 _____ () C:\ProgramData\nvModes.001 2014-03-17 11:57 - 2013-09-19 12:29 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-17 11:57 - 2011-12-31 11:06 - 00668032 _____ () C:\Windows\PFRO.log 2014-03-17 11:57 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-17 11:57 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-17 11:57 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-17 11:56 - 2014-03-13 01:12 - 00000000 ____D () C:\AdwCleaner 2014-03-17 11:56 - 2012-05-03 11:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-17 11:56 - 2009-01-17 01:10 - 01978450 _____ () C:\Windows\WindowsUpdate.log 2014-03-17 11:56 - 2008-09-12 20:41 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-03-17 11:56 - 2006-11-02 14:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-17 11:46 - 2012-04-09 18:01 - 00000000 ____D () C:\Westwood 2014-03-17 11:41 - 2014-03-17 04:11 - 00000000 ____D () C:\ProgramData\IObit 2014-03-17 11:39 - 2013-09-19 12:29 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-17 11:35 - 2014-03-17 11:35 - 01950720 _____ () C:\Users\Wes\Desktop\adwcleaner_3.022.exe 2014-03-17 04:34 - 2010-04-24 01:02 - 00000000 ____D () C:\Program Files\Comodo 2014-03-17 04:24 - 2014-03-17 04:24 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\arkill.exe 2014-03-17 04:11 - 2014-03-17 04:11 - 00001045 _____ () C:\Users\Wes\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2014-03-17 04:11 - 2014-03-17 04:11 - 00001021 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk 2014-03-17 04:11 - 2014-03-17 04:11 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\ProductData 2014-03-17 04:11 - 2014-03-17 04:10 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\IObit 2014-03-17 04:11 - 2014-03-17 04:10 - 00000000 ____D () C:\ProgramData\ProductData 2014-03-17 04:11 - 2014-03-17 04:10 - 00000000 ____D () C:\Program Files\IObit 2014-03-17 04:10 - 2014-03-17 04:10 - 12569408 _____ (IObit) C:\Users\Wes\Desktop\iobituninstaller_3.2.0.128.exe 2014-03-17 04:06 - 2014-03-17 04:06 - 00001802 _____ () C:\sc-cleaner.txt 2014-03-17 04:05 - 2014-03-17 04:05 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\sc-cleaner.exe 2014-03-17 03:50 - 2014-03-17 03:50 - 00000000 ____D () C:\Windows\ERUNT 2014-03-17 03:49 - 2014-03-17 03:49 - 01037734 _____ (Thisisu) C:\Users\Wes\Desktop\JRT.exe 2014-03-17 03:44 - 2009-03-09 21:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-17 03:38 - 2014-03-17 03:38 - 00016372 _____ () C:\Users\Wes\Desktop\E4K+_CHd.htm 2014-03-12 04:20 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-03-12 04:02 - 2014-03-12 04:02 - 25578720 _____ (Microsoft Corporation) C:\Users\Wes\Desktop\Windows-KB890830-V5.10.exe 2014-03-12 03:37 - 2009-01-17 00:29 - 00136265 _____ () C:\ProgramData\nvModes.dat 2014-03-12 03:34 - 2006-11-02 13:47 - 00395824 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-12 03:27 - 2009-02-20 11:40 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-03-12 03:24 - 2014-03-12 03:21 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-12 03:18 - 2014-03-12 03:18 - 00274502 _____ () C:\Windows\msxml4-KB954430-enu.LOG 2014-03-12 03:17 - 2014-03-12 03:17 - 00281462 _____ () C:\Windows\msxml4-KB973688-enu.LOG 2014-03-12 03:17 - 2014-03-12 03:17 - 00000000 ____D () C:\Program Files\MSXML 4.0 2014-03-12 02:56 - 2012-05-03 11:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-03-12 02:56 - 2011-05-20 11:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-03-07 01:53 - 2009-12-14 14:37 - 00000000 ____D () C:\Users\Wes\Desktop\Dokumente 2014-03-05 17:10 - 2008-09-11 16:11 - 00000000 ____D () C:\Windows\de-DE 2014-03-05 12:20 - 2012-12-20 14:46 - 00000906 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-05 12:20 - 2011-08-11 00:38 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-05 04:51 - 2014-03-05 04:51 - 00613200 _____ (Chip Digital GmbH) C:\Users\Wes\Desktop\AdwCleaner - CHIP-Downloader.exe 2014-03-04 04:39 - 2012-05-03 14:21 - 00000000 ____D () C:\Program Files\PKR 2014-03-02 14:03 - 2006-11-02 11:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-03-02 01:42 - 2014-03-02 01:42 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\tStLibG.sys 2014-02-24 14:21 - 2014-02-24 14:21 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\Avira 2014-02-24 14:15 - 2014-02-24 14:15 - 00001847 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\ProgramData\Avira 2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\Program Files\Avira 2014-02-24 13:54 - 2012-12-20 18:05 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-02-23 20:12 - 2006-11-02 11:23 - 00002577 _____ () C:\Windows\system32\config.nt 2014-02-16 15:08 - 2011-12-02 14:58 - 00000000 ____D () C:\Users\Wes\Documents\MAGIX_MxTray 2014-02-16 15:08 - 2011-12-02 14:49 - 00000000 ____D () C:\ProgramData\MAGIX 2014-02-15 00:39 - 2014-02-15 00:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox Some content of TEMP: ==================== C:\Users\Wes\AppData\Local\Temp\avgnt.exe C:\Users\Wes\AppData\Local\Temp\promote-upx.exe C:\Users\Wes\AppData\Local\Temp\Quarantine.exe C:\Users\Wes\AppData\Local\Temp\Uninst.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-17 12:05 ==================== End Of Log ============================ frst: |
17.03.2014, 16:37 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind Hi
__________________Zitat:
Außerdem fehlt das andere Log von FRST (additions.txt) Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
17.03.2014, 16:54 | #3 |
| Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind Ich habe mir Malwarebytes runtergeladen, durchlaufen lassen - etliche Funde - danach auf beheben - wenn ich es nun laufen lasse, kommen "Funde 0".
__________________logfiles habe ich aber nicht mehr, wusste vor zwei Tagen nicht, dass ich die noch brauchen würde. adwcleaner ebenfalls installiert und laufen lassen. Auch hier keine Meldung. FRST habe ich installiert, laufen lassen und den logfile so gepostet, wie er mir angezeigt wird. gerne nochmal, wenn was fehlt brauche ich Hilfe. Im Übrigen sind Weiterleitungen seit zwei Stunden noch nicht aufgetreten. Und vielen Dank erstmal fürs kümmern. hier nochmal der frst logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Wes (administrator) on WES-PC on 17-03-2014 16:48:38 Running from C:\Users\Wes\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 7 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Emsi Software GmbH) C:\Program Files\a-squared Free\a2service.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe () C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [ISW] - [X] HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-01-06] () HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter Startup: C:\Users\Wes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bing.com HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit) BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.) Toolbar: HKLM - MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.) Toolbar: HKLM - HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll No File Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default FF DefaultSearchEngine: StartWeb FF SelectedSearchEngine: StartWeb FF Homepage: https://www.google.de/ FF NetworkProxy: "ftp", "46.22.173.9" FF NetworkProxy: "ftp_port", 3128 FF NetworkProxy: "http", "46.22.173.9" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "46.22.173.9" FF NetworkProxy: "socks_port", 3128 FF NetworkProxy: "ssl", "46.22.173.9" FF NetworkProxy: "ssl_port", 3128 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: HDvid-Codec V9.0 - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com [2014-03-08] FF Extension: DownloadHelper - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-27] FF Extension: Stealthy - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\stealthyextension@gmail.com.xpi [2011-08-31] FF Extension: GrabRez - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\{0602868e-3e6e-4d93-81e8-5b2290f620ba}.xpi [2014-03-05] FF Extension: Adblock Plus - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-28] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{1DA0528B-1DD8-4167-BFAF-E0EF94939F93}] - C:\Program Files\Comodo\HopSurfToolbar\hopsurfext_ff3_5 FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker ========================== Services (Whitelisted) ================= R2 a2free; C:\Program Files\a-squared Free\a2service.exe [719392 2009-07-13] (Emsi Software GmbH) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG) S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-03-17] (IObit) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] () S2 IswSvc; "C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe" [X] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-02-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-14] (Avira Operations GmbH & Co. KG) S3 cpuz129; C:\Program Files\PC Wizard 2008\pcwiz32.sys [9600 2008-01-25] (Windows (R) Codename Longhorn DDK provider) R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-09-12] (SAMSUNG ELECTRONICS CO., LTD.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-14] (Avira GmbH) R1 tStLibG; C:\Windows\System32\drivers\tStLibG.sys [55224 2014-03-02] (StdLib) R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [242048 2008-06-05] (Vimicro Corporation) S3 cpuz132; \??\C:\Users\Wes\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X] S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S2 ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 vsdatant7; System32\drivers\vsdatant.win7.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-17 12:44 - 2014-03-17 12:44 - 00138832 _____ () C:\Windows\Minidump\Mini031714-01.dmp 2014-03-17 12:42 - 2014-03-17 12:44 - 223734794 _____ () C:\Windows\MEMORY.DMP 2014-03-17 12:34 - 2014-03-17 12:34 - 00380416 _____ () C:\Users\Wes\Desktop\Gmer-19357.exe 2014-03-17 12:32 - 2014-03-17 16:48 - 00012798 _____ () C:\Users\Wes\Desktop\FRST.txt 2014-03-17 12:32 - 2014-03-17 12:32 - 01145856 _____ (Farbar) C:\Users\Wes\Desktop\FRST.exe 2014-03-17 12:29 - 2014-03-17 12:30 - 00000468 _____ () C:\Users\Wes\Desktop\defogger_disable.log 2014-03-17 12:29 - 2014-03-17 12:29 - 00000000 _____ () C:\Users\Wes\defogger_reenable 2014-03-17 12:28 - 2014-03-17 12:28 - 00050477 _____ () C:\Users\Wes\Desktop\Defogger.exe 2014-03-17 11:43 - 2014-02-13 14:32 - 00000426 _____ () C:\AVScanner.ini 2014-03-17 11:35 - 2014-03-17 11:35 - 01950720 _____ () C:\Users\Wes\Desktop\adwcleaner_3.022.exe 2014-03-17 04:24 - 2014-03-17 04:24 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\arkill.exe 2014-03-17 04:11 - 2014-03-17 11:41 - 00000000 ____D () C:\ProgramData\IObit 2014-03-17 04:11 - 2014-03-17 04:11 - 00001045 _____ () C:\Users\Wes\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2014-03-17 04:11 - 2014-03-17 04:11 - 00001021 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk 2014-03-17 04:11 - 2014-03-17 04:11 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\ProductData 2014-03-17 04:10 - 2014-03-17 04:11 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\IObit 2014-03-17 04:10 - 2014-03-17 04:11 - 00000000 ____D () C:\ProgramData\ProductData 2014-03-17 04:10 - 2014-03-17 04:11 - 00000000 ____D () C:\Program Files\IObit 2014-03-17 04:10 - 2014-03-17 04:10 - 12569408 _____ (IObit) C:\Users\Wes\Desktop\iobituninstaller_3.2.0.128.exe 2014-03-17 04:06 - 2014-03-17 04:06 - 00001802 _____ () C:\sc-cleaner.txt 2014-03-17 04:05 - 2014-03-17 04:05 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\sc-cleaner.exe 2014-03-17 03:50 - 2014-03-17 03:50 - 00000000 ____D () C:\Windows\ERUNT 2014-03-17 03:49 - 2014-03-17 03:49 - 01037734 _____ (Thisisu) C:\Users\Wes\Desktop\JRT.exe 2014-03-17 03:38 - 2014-03-17 03:38 - 00016372 _____ () C:\Users\Wes\Desktop\E4K+_CHd.htm 2014-03-17 03:33 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140317-033333.backup 2014-03-17 03:32 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140317-033248.backup 2014-03-13 01:12 - 2014-03-17 11:56 - 00000000 ____D () C:\AdwCleaner 2014-03-13 00:43 - 2014-03-17 16:48 - 00000000 ____D () C:\FRST 2014-03-12 04:02 - 2014-03-12 04:02 - 25578720 _____ (Microsoft Corporation) C:\Users\Wes\Desktop\Windows-KB890830-V5.10.exe 2014-03-12 03:21 - 2014-03-12 03:24 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-12 03:18 - 2014-03-12 03:18 - 00274502 _____ () C:\Windows\msxml4-KB954430-enu.LOG 2014-03-12 03:17 - 2014-03-12 03:17 - 00281462 _____ () C:\Windows\msxml4-KB973688-enu.LOG 2014-03-12 03:17 - 2014-03-12 03:17 - 00000000 ____D () C:\Program Files\MSXML 4.0 2014-03-12 03:14 - 2011-07-06 15:56 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2014-03-12 03:14 - 2011-06-02 13:59 - 02042368 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-12 03:14 - 2011-05-02 16:58 - 00738816 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-03-12 03:14 - 2011-04-29 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2014-03-12 03:14 - 2011-04-29 13:49 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2014-03-12 03:14 - 2011-04-29 13:49 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2014-03-12 03:14 - 2011-04-29 13:49 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2014-03-12 03:14 - 2011-04-21 14:16 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-03-12 03:14 - 2011-04-20 15:47 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2014-03-12 03:14 - 2011-04-20 15:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2014-03-12 03:14 - 2011-04-14 15:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys 2014-03-12 03:14 - 2010-12-20 16:39 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-03-12 03:13 - 2011-04-29 15:54 - 00276992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-03-06 00:13 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140306-001303.backup 2014-03-05 04:51 - 2014-03-05 04:51 - 00613200 _____ (Chip Digital GmbH) C:\Users\Wes\Desktop\AdwCleaner - CHIP-Downloader.exe 2014-03-05 04:16 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140305-041616.backup 2014-03-02 01:42 - 2014-03-02 01:42 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\tStLibG.sys 2014-02-24 14:21 - 2014-02-24 14:21 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\Avira 2014-02-24 14:15 - 2014-02-24 14:15 - 00001847 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\ProgramData\Avira 2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\Program Files\Avira 2014-02-24 14:15 - 2014-02-14 11:00 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-02-24 14:15 - 2014-02-14 11:00 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-02-24 14:15 - 2014-02-14 11:00 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-02-24 14:15 - 2014-02-14 11:00 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2014-02-15 00:39 - 2014-02-15 00:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-03-17 16:48 - 2014-03-17 12:32 - 00012798 _____ () C:\Users\Wes\Desktop\FRST.txt 2014-03-17 16:48 - 2014-03-13 00:43 - 00000000 ____D () C:\FRST 2014-03-17 16:39 - 2013-09-19 12:29 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-17 16:32 - 2009-01-17 00:30 - 00136265 _____ () C:\ProgramData\nvModes.001 2014-03-17 15:56 - 2012-05-03 11:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-17 15:07 - 2009-01-17 01:10 - 01997030 _____ () C:\Windows\WindowsUpdate.log 2014-03-17 15:02 - 2013-09-19 12:29 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-17 15:02 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-17 15:02 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-17 15:02 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-17 14:34 - 2008-09-12 20:41 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-03-17 14:34 - 2006-11-02 14:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-17 13:21 - 2010-04-24 01:02 - 00000000 ____D () C:\Program Files\Comodo 2014-03-17 12:44 - 2014-03-17 12:44 - 00138832 _____ () C:\Windows\Minidump\Mini031714-01.dmp 2014-03-17 12:44 - 2014-03-17 12:42 - 223734794 _____ () C:\Windows\MEMORY.DMP 2014-03-17 12:44 - 2009-05-25 09:55 - 00000000 ____D () C:\Windows\Minidump 2014-03-17 12:34 - 2014-03-17 12:34 - 00380416 _____ () C:\Users\Wes\Desktop\Gmer-19357.exe 2014-03-17 12:32 - 2014-03-17 12:32 - 01145856 _____ (Farbar) C:\Users\Wes\Desktop\FRST.exe 2014-03-17 12:30 - 2014-03-17 12:29 - 00000468 _____ () C:\Users\Wes\Desktop\defogger_disable.log 2014-03-17 12:29 - 2014-03-17 12:29 - 00000000 _____ () C:\Users\Wes\defogger_reenable 2014-03-17 12:29 - 2009-02-04 12:00 - 00000000 ____D () C:\Users\Wes 2014-03-17 12:28 - 2014-03-17 12:28 - 00050477 _____ () C:\Users\Wes\Desktop\Defogger.exe 2014-03-17 11:57 - 2011-12-31 11:06 - 00668032 _____ () C:\Windows\PFRO.log 2014-03-17 11:56 - 2014-03-13 01:12 - 00000000 ____D () C:\AdwCleaner 2014-03-17 11:46 - 2012-04-09 18:01 - 00000000 ____D () C:\Westwood 2014-03-17 11:41 - 2014-03-17 04:11 - 00000000 ____D () C:\ProgramData\IObit 2014-03-17 11:35 - 2014-03-17 11:35 - 01950720 _____ () C:\Users\Wes\Desktop\adwcleaner_3.022.exe 2014-03-17 04:24 - 2014-03-17 04:24 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\arkill.exe 2014-03-17 04:11 - 2014-03-17 04:11 - 00001045 _____ () C:\Users\Wes\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2014-03-17 04:11 - 2014-03-17 04:11 - 00001021 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk 2014-03-17 04:11 - 2014-03-17 04:11 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\ProductData 2014-03-17 04:11 - 2014-03-17 04:10 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\IObit 2014-03-17 04:11 - 2014-03-17 04:10 - 00000000 ____D () C:\ProgramData\ProductData 2014-03-17 04:11 - 2014-03-17 04:10 - 00000000 ____D () C:\Program Files\IObit 2014-03-17 04:10 - 2014-03-17 04:10 - 12569408 _____ (IObit) C:\Users\Wes\Desktop\iobituninstaller_3.2.0.128.exe 2014-03-17 04:06 - 2014-03-17 04:06 - 00001802 _____ () C:\sc-cleaner.txt 2014-03-17 04:05 - 2014-03-17 04:05 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\sc-cleaner.exe 2014-03-17 03:50 - 2014-03-17 03:50 - 00000000 ____D () C:\Windows\ERUNT 2014-03-17 03:49 - 2014-03-17 03:49 - 01037734 _____ (Thisisu) C:\Users\Wes\Desktop\JRT.exe 2014-03-17 03:44 - 2009-03-09 21:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-17 03:38 - 2014-03-17 03:38 - 00016372 _____ () C:\Users\Wes\Desktop\E4K+_CHd.htm 2014-03-12 04:20 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-03-12 04:02 - 2014-03-12 04:02 - 25578720 _____ (Microsoft Corporation) C:\Users\Wes\Desktop\Windows-KB890830-V5.10.exe 2014-03-12 03:37 - 2009-01-17 00:29 - 00136265 _____ () C:\ProgramData\nvModes.dat 2014-03-12 03:34 - 2006-11-02 13:47 - 00395824 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-12 03:27 - 2009-02-20 11:40 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-03-12 03:24 - 2014-03-12 03:21 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-12 03:18 - 2014-03-12 03:18 - 00274502 _____ () C:\Windows\msxml4-KB954430-enu.LOG 2014-03-12 03:17 - 2014-03-12 03:17 - 00281462 _____ () C:\Windows\msxml4-KB973688-enu.LOG 2014-03-12 03:17 - 2014-03-12 03:17 - 00000000 ____D () C:\Program Files\MSXML 4.0 2014-03-12 02:56 - 2012-05-03 11:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-03-12 02:56 - 2011-05-20 11:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-03-07 01:53 - 2009-12-14 14:37 - 00000000 ____D () C:\Users\Wes\Desktop\Dokumente 2014-03-05 17:10 - 2008-09-11 16:11 - 00000000 ____D () C:\Windows\de-DE 2014-03-05 12:20 - 2012-12-20 14:46 - 00000906 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-05 12:20 - 2011-08-11 00:38 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-05 04:51 - 2014-03-05 04:51 - 00613200 _____ (Chip Digital GmbH) C:\Users\Wes\Desktop\AdwCleaner - CHIP-Downloader.exe 2014-03-04 04:39 - 2012-05-03 14:21 - 00000000 ____D () C:\Program Files\PKR 2014-03-02 14:03 - 2006-11-02 11:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-03-02 01:42 - 2014-03-02 01:42 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\tStLibG.sys 2014-02-24 14:21 - 2014-02-24 14:21 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\Avira 2014-02-24 14:15 - 2014-02-24 14:15 - 00001847 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\ProgramData\Avira 2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\Program Files\Avira 2014-02-24 13:54 - 2012-12-20 18:05 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-02-23 20:12 - 2006-11-02 11:23 - 00002577 _____ () C:\Windows\system32\config.nt 2014-02-16 15:08 - 2011-12-02 14:58 - 00000000 ____D () C:\Users\Wes\Documents\MAGIX_MxTray 2014-02-16 15:08 - 2011-12-02 14:49 - 00000000 ____D () C:\ProgramData\MAGIX 2014-02-15 00:39 - 2014-02-15 00:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox Some content of TEMP: ==================== C:\Users\Wes\AppData\Local\Temp\avgnt.exe C:\Users\Wes\AppData\Local\Temp\promote-upx.exe C:\Users\Wes\AppData\Local\Temp\Quarantine.exe C:\Users\Wes\AppData\Local\Temp\Uninst.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-17 15:10 ==================== End Of Log ============================ --- --- --- |
17.03.2014, 17:01 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfindZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
17.03.2014, 17:38 | #5 |
| Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind 2014/03/17 01:55:25 +0100 WES-PC Wes MESSAGE Starting database refresh 2014/03/17 01:55:30 +0100 WES-PC Wes MESSAGE Database refreshed successfully 2014/03/17 03:45:39 +0100 WES-PC Wes MESSAGE Starting protection 2014/03/17 03:45:39 +0100 WES-PC Wes MESSAGE Protection started successfully 2014/03/17 03:45:39 +0100 WES-PC Wes MESSAGE Starting IP protection 2014/03/17 03:45:50 +0100 WES-PC Wes MESSAGE IP Protection started successfully 2014/03/17 03:49:03 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49188, Process: firefox.exe) 2014/03/17 03:49:03 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49200, Process: firefox.exe) 2014/03/17 03:49:03 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49201, Process: firefox.exe) 2014/03/17 03:49:03 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49203, Process: firefox.exe) 2014/03/17 03:49:03 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49204, Process: firefox.exe) 2014/03/17 03:49:27 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49214, Process: firefox.exe) 2014/03/17 03:49:27 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49215, Process: firefox.exe) 2014/03/17 03:58:25 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49256, Process: firefox.exe) 2014/03/17 04:00:26 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49279, Process: firefox.exe) 2014/03/17 04:00:26 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49280, Process: firefox.exe) 2014/03/17 04:01:38 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49315, Process: firefox.exe) 2014/03/17 04:01:38 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49316, Process: firefox.exe) 2014/03/17 04:01:54 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49342, Process: firefox.exe) 2014/03/17 04:01:54 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49343, Process: firefox.exe) 2014/03/17 04:02:02 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49355, Process: firefox.exe) 2014/03/17 04:02:02 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49356, Process: firefox.exe) 2014/03/17 04:02:02 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49364, Process: firefox.exe) 2014/03/17 04:02:02 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49365, Process: firefox.exe) 2014/03/17 04:03:06 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49378, Process: firefox.exe) 2014/03/17 04:03:06 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49380, Process: firefox.exe) 2014/03/17 04:03:46 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49417, Process: firefox.exe) 2014/03/17 04:04:50 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49443, Process: firefox.exe) 2014/03/17 04:04:50 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49445, Process: firefox.exe) 2014/03/17 04:05:14 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49458, Process: firefox.exe) 2014/03/17 04:05:14 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49459, Process: firefox.exe) 2014/03/17 04:05:30 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49471, Process: firefox.exe) 2014/03/17 04:05:30 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49472, Process: firefox.exe) 2014/03/17 04:06:35 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49494, Process: firefox.exe) 2014/03/17 04:06:35 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49495, Process: firefox.exe) 2014/03/17 04:06:43 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49519, Process: firefox.exe) 2014/03/17 04:06:43 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49520, Process: firefox.exe) 2014/03/17 04:08:11 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49535, Process: firefox.exe) 2014/03/17 04:08:11 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49536, Process: firefox.exe) 2014/03/17 04:08:51 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49551, Process: firefox.exe) 2014/03/17 04:08:51 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49552, Process: firefox.exe) 2014/03/17 04:08:59 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49562, Process: firefox.exe) 2014/03/17 04:08:59 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49574, Process: firefox.exe) 2014/03/17 04:08:59 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49575, Process: firefox.exe) 2014/03/17 04:09:55 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49595, Process: firefox.exe) 2014/03/17 04:09:55 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49600, Process: firefox.exe) 2014/03/17 04:09:55 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49601, Process: firefox.exe) 2014/03/17 04:10:03 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49610, Process: firefox.exe) 2014/03/17 04:18:28 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49660, Process: firefox.exe) 2014/03/17 04:18:28 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49661, Process: firefox.exe) 2014/03/17 04:18:36 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49685, Process: firefox.exe) 2014/03/17 04:18:36 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49686, Process: firefox.exe) 2014/03/17 04:18:52 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49707, Process: firefox.exe) 2014/03/17 04:18:52 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49708, Process: firefox.exe) 2014/03/17 04:21:48 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49727, Process: firefox.exe) 2014/03/17 04:21:48 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49729, Process: firefox.exe) 2014/03/17 04:22:28 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49746, Process: firefox.exe) 2014/03/17 04:22:28 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49747, Process: firefox.exe) 2014/03/17 04:22:44 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49757, Process: firefox.exe) 2014/03/17 04:23:00 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49780, Process: firefox.exe) 2014/03/17 04:23:00 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49782, Process: firefox.exe) 2014/03/17 04:24:28 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49802, Process: firefox.exe) 2014/03/17 04:24:28 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49803, Process: firefox.exe) 2014/03/17 04:25:48 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49824, Process: firefox.exe) 2014/03/17 04:25:48 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49825, Process: firefox.exe) 2014/03/17 04:27:08 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49868, Process: firefox.exe) 2014/03/17 04:27:08 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49870, Process: firefox.exe) 2014/03/17 04:30:05 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49896, Process: firefox.exe) 2014/03/17 04:30:05 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49898, Process: firefox.exe) 2014/03/17 08:58:30 +0100 WES-PC Wes MESSAGE Executing scheduled update: Daily 2014/03/17 08:58:38 +0100 WES-PC Wes MESSAGE Starting database refresh 2014/03/17 08:58:38 +0100 WES-PC Wes MESSAGE Stopping IP protection 2014/03/17 08:58:38 +0100 WES-PC Wes MESSAGE Scheduled update executed successfully: database updated from version v2014.03.17.01 to version v2014.03.17.03 2014/03/17 08:58:38 +0100 WES-PC Wes MESSAGE IP Protection stopped successfully 2014/03/17 08:58:50 +0100 WES-PC Wes MESSAGE Database refreshed successfully 2014/03/17 08:58:50 +0100 WES-PC Wes MESSAGE Starting IP protection 2014/03/17 08:58:56 +0100 WES-PC Wes MESSAGE IP Protection started successfully 2014/03/17 11:24:58 +0100 WES-PC Wes MESSAGE Stopping IP protection 2014/03/17 11:24:59 +0100 WES-PC Wes MESSAGE IP Protection stopped successfully 2014/03/17 11:25:29 +0100 WES-PC Wes MESSAGE Starting IP protection 2014/03/17 11:25:35 +0100 WES-PC Wes MESSAGE IP Protection started successfully 2014/03/17 11:25:35 +0100 WES-PC Wes MESSAGE Stopping IP protection 2014/03/17 11:25:35 +0100 WES-PC Wes MESSAGE IP Protection stopped successfully 2014/03/17 11:25:35 +0100 WES-PC Wes MESSAGE Starting IP protection 2014/03/17 11:25:42 +0100 WES-PC Wes MESSAGE IP Protection started successfully 2014/03/17 11:28:48 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49968, Process: firefox.exe) 2014/03/17 11:28:48 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49969, Process: firefox.exe) 2014/03/17 11:31:12 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49985, Process: firefox.exe) 2014/03/17 11:31:12 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49986, Process: firefox.exe) 2014/03/17 11:31:12 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49987, Process: firefox.exe) 2014/03/17 11:31:28 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49990, Process: firefox.exe) 2014/03/17 11:31:52 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50102, Process: firefox.exe) 2014/03/17 11:31:52 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50103, Process: firefox.exe) 2014/03/17 11:34:33 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50156, Process: firefox.exe) 2014/03/17 11:34:33 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50157, Process: firefox.exe) 2014/03/17 11:35:13 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50211, Process: firefox.exe) 2014/03/17 11:35:13 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50212, Process: firefox.exe) 2014/03/17 11:35:21 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50235, Process: firefox.exe) 2014/03/17 11:35:21 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50236, Process: firefox.exe) 2014/03/17 11:35:37 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50255, Process: firefox.exe) 2014/03/17 11:35:37 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50256, Process: firefox.exe) 2014/03/17 11:57:37 +0100 WES-PC Wes MESSAGE Starting protection 2014/03/17 11:57:37 +0100 WES-PC Wes MESSAGE Protection started successfully 2014/03/17 11:57:37 +0100 WES-PC Wes MESSAGE Starting IP protection 2014/03/17 11:58:01 +0100 WES-PC Wes MESSAGE IP Protection started successfully 2014/03/17 11:58:54 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49173, Process: firefox.exe) 2014/03/17 11:59:18 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49185, Process: firefox.exe) 2014/03/17 11:59:18 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49186, Process: firefox.exe) 2014/03/17 11:59:51 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49223, Process: firefox.exe) 2014/03/17 11:59:51 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49226, Process: firefox.exe) 2014/03/17 12:01:52 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49281, Process: firefox.exe) 2014/03/17 12:01:52 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49282, Process: firefox.exe) 2014/03/17 12:04:57 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49306, Process: firefox.exe) 2014/03/17 12:04:57 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49307, Process: firefox.exe) 2014/03/17 12:05:29 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49328, Process: firefox.exe) 2014/03/17 12:05:29 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49330, Process: firefox.exe) 2014/03/17 12:06:09 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49352, Process: firefox.exe) 2014/03/17 12:06:09 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49353, Process: firefox.exe) 2014/03/17 12:06:33 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49398, Process: firefox.exe) 2014/03/17 12:06:33 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49399, Process: firefox.exe) 2014/03/17 12:06:57 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49417, Process: firefox.exe) 2014/03/17 12:06:57 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49419, Process: firefox.exe) 2014/03/17 12:11:46 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49489, Process: firefox.exe) 2014/03/17 12:11:46 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49490, Process: firefox.exe) 2014/03/17 12:11:46 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49491, Process: firefox.exe) 2014/03/17 12:14:26 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49563, Process: firefox.exe) 2014/03/17 12:14:26 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49565, Process: firefox.exe) 2014/03/17 12:14:26 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49566, Process: firefox.exe) 2014/03/17 12:17:06 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49588, Process: firefox.exe) 2014/03/17 12:17:06 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49589, Process: firefox.exe) 2014/03/17 12:17:22 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49618, Process: firefox.exe) 2014/03/17 12:17:22 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49620, Process: firefox.exe) 2014/03/17 12:17:30 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49635, Process: firefox.exe) 2014/03/17 12:17:30 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49636, Process: firefox.exe) 2014/03/17 12:18:02 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49647, Process: firefox.exe) 2014/03/17 12:18:02 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49649, Process: firefox.exe) 2014/03/17 12:18:26 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49661, Process: firefox.exe) 2014/03/17 12:18:26 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49663, Process: firefox.exe) 2014/03/17 12:20:10 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49676, Process: firefox.exe) 2014/03/17 12:20:10 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49677, Process: firefox.exe) 2014/03/17 12:20:51 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49699, Process: firefox.exe) 2014/03/17 12:20:51 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49701, Process: firefox.exe) 2014/03/17 12:20:59 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49713, Process: firefox.exe) 2014/03/17 12:20:59 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49714, Process: firefox.exe) 2014/03/17 12:21:15 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49732, Process: firefox.exe) 2014/03/17 12:27:23 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49749, Process: firefox.exe) 2014/03/17 12:27:23 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49751, Process: firefox.exe) 2014/03/17 12:28:03 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49762, Process: firefox.exe) 2014/03/17 12:28:03 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49763, Process: firefox.exe) 2014/03/17 12:28:11 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49770, Process: firefox.exe) 2014/03/17 12:31:47 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49785, Process: firefox.exe) 2014/03/17 12:31:47 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49786, Process: firefox.exe) 2014/03/17 12:31:55 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49793, Process: firefox.exe) 2014/03/17 12:31:55 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49794, Process: firefox.exe) 2014/03/17 12:34:44 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49820, Process: firefox.exe) 2014/03/17 12:34:44 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49821, Process: firefox.exe) 2014/03/17 12:43:18 +0100 WES-PC Wes MESSAGE Starting protection 2014/03/17 12:43:18 +0100 WES-PC Wes MESSAGE Protection started successfully 2014/03/17 12:43:18 +0100 WES-PC Wes MESSAGE Starting IP protection 2014/03/17 12:43:38 +0100 WES-PC Wes MESSAGE IP Protection started successfully 2014/03/17 12:50:32 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49181, Process: firefox.exe) 2014/03/17 12:51:04 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49201, Process: firefox.exe) 2014/03/17 12:51:04 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49202, Process: firefox.exe) 2014/03/17 12:51:20 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49221, Process: firefox.exe) 2014/03/17 12:51:20 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49222, Process: firefox.exe) 2014/03/17 12:51:44 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49234, Process: firefox.exe) 2014/03/17 12:51:44 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49235, Process: firefox.exe) 2014/03/17 12:51:52 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49240, Process: firefox.exe) 2014/03/17 12:51:52 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49241, Process: firefox.exe) 2014/03/17 12:52:00 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49255, Process: firefox.exe) 2014/03/17 12:55:12 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49278, Process: firefox.exe) 2014/03/17 12:55:12 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49279, Process: firefox.exe) 2014/03/17 12:56:01 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49296, Process: firefox.exe) 2014/03/17 12:56:01 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49297, Process: firefox.exe) 2014/03/17 12:59:53 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49314, Process: firefox.exe) 2014/03/17 12:59:53 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49316, Process: firefox.exe) 2014/03/17 13:00:09 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49327, Process: firefox.exe) 2014/03/17 13:00:17 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49336, Process: firefox.exe) 2014/03/17 13:00:17 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49337, Process: firefox.exe) 2014/03/17 13:03:45 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49363, Process: firefox.exe) 2014/03/17 13:03:45 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49364, Process: firefox.exe) 2014/03/17 13:03:45 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49386, Process: firefox.exe) 2014/03/17 13:03:45 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49387, Process: firefox.exe) 2014/03/17 13:03:53 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49392, Process: firefox.exe) 2014/03/17 13:03:53 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49393, Process: firefox.exe) 2014/03/17 13:04:49 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49404, Process: firefox.exe) 2014/03/17 13:04:49 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49406, Process: firefox.exe) 2014/03/17 13:04:57 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49413, Process: firefox.exe) 2014/03/17 13:06:17 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49427, Process: firefox.exe) 2014/03/17 13:06:17 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49428, Process: firefox.exe) 2014/03/17 13:06:25 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49437, Process: firefox.exe) 2014/03/17 13:06:25 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49438, Process: firefox.exe) 2014/03/17 13:06:41 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49446, Process: firefox.exe) 2014/03/17 13:06:41 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49447, Process: firefox.exe) 2014/03/17 13:06:50 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49455, Process: firefox.exe) 2014/03/17 13:08:26 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49472, Process: firefox.exe) 2014/03/17 13:08:34 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49480, Process: firefox.exe) 2014/03/17 13:08:34 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49481, Process: firefox.exe) 2014/03/17 13:08:34 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49487, Process: firefox.exe) 2014/03/17 13:08:34 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49488, Process: firefox.exe) 2014/03/17 13:08:42 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49490, Process: firefox.exe) 2014/03/17 13:08:42 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49491, Process: firefox.exe) 2014/03/17 13:08:42 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49498, Process: firefox.exe) 2014/03/17 13:08:42 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49499, Process: firefox.exe) 2014/03/17 13:08:50 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49505, Process: firefox.exe) 2014/03/17 13:08:50 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49506, Process: firefox.exe) 2014/03/17 13:08:50 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49513, Process: firefox.exe) 2014/03/17 13:08:50 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49514, Process: firefox.exe) 2014/03/17 13:08:58 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49521, Process: firefox.exe) 2014/03/17 13:08:58 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49522, Process: firefox.exe) 2014/03/17 13:09:06 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49530, Process: firefox.exe) 2014/03/17 13:09:14 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49539, Process: firefox.exe) 2014/03/17 13:09:14 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49540, Process: firefox.exe) 2014/03/17 13:09:46 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49552, Process: firefox.exe) 2014/03/17 13:09:54 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49561, Process: firefox.exe) 2014/03/17 13:09:54 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49562, Process: firefox.exe) 2014/03/17 13:10:18 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49570, Process: firefox.exe) 2014/03/17 13:10:26 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49579, Process: firefox.exe) 2014/03/17 13:10:26 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49580, Process: firefox.exe) 2014/03/17 13:10:58 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49588, Process: firefox.exe) 2014/03/17 13:10:58 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49589, Process: firefox.exe) 2014/03/17 13:10:58 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49590, Process: firefox.exe) 2014/03/17 13:11:06 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49598, Process: firefox.exe) 2014/03/17 13:11:06 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49599, Process: firefox.exe) 2014/03/17 13:11:06 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49602, Process: firefox.exe) 2014/03/17 13:11:06 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49603, Process: firefox.exe) 2014/03/17 13:11:06 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49607, Process: firefox.exe) 2014/03/17 13:11:14 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49615, Process: firefox.exe) 2014/03/17 13:11:14 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49616, Process: firefox.exe) 2014/03/17 13:11:14 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49623, Process: firefox.exe) 2014/03/17 13:11:30 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49632, Process: firefox.exe) 2014/03/17 13:11:30 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49633, Process: firefox.exe) 2014/03/17 13:11:30 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49641, Process: firefox.exe) 2014/03/17 13:11:30 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49642, Process: firefox.exe) 2014/03/17 13:12:02 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49650, Process: firefox.exe) 2014/03/17 13:12:02 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49652, Process: firefox.exe) 2014/03/17 13:12:02 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49661, Process: firefox.exe) 2014/03/17 13:12:10 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49667, Process: firefox.exe) 2014/03/17 13:12:10 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49668, Process: firefox.exe) 2014/03/17 13:12:18 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49675, Process: firefox.exe) 2014/03/17 13:12:18 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49680, Process: firefox.exe) 2014/03/17 13:12:18 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49681, Process: firefox.exe) 2014/03/17 13:12:26 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49706, Process: firefox.exe) 2014/03/17 13:12:34 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49743, Process: firefox.exe) 2014/03/17 13:12:34 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49744, Process: firefox.exe) 2014/03/17 13:22:51 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49761, Process: firefox.exe) 2014/03/17 13:22:51 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49762, Process: firefox.exe) 2014/03/17 13:23:07 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49792, Process: firefox.exe) 2014/03/17 13:23:07 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49794, Process: firefox.exe) 2014/03/17 13:23:15 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49818, Process: firefox.exe) 2014/03/17 13:23:15 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49819, Process: firefox.exe) 2014/03/17 13:23:48 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49844, Process: firefox.exe) 2014/03/17 13:23:48 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49846, Process: firefox.exe) 2014/03/17 13:24:44 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49870, Process: firefox.exe) 2014/03/17 13:24:44 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49871, Process: firefox.exe) 2014/03/17 13:25:00 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49901, Process: firefox.exe) 2014/03/17 13:25:00 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49902, Process: firefox.exe) 2014/03/17 13:25:08 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49938, Process: firefox.exe) 2014/03/17 13:25:24 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49958, Process: firefox.exe) 2014/03/17 13:25:24 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49959, Process: firefox.exe) 2014/03/17 13:25:40 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49991, Process: firefox.exe) 2014/03/17 13:25:48 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50006, Process: firefox.exe) 2014/03/17 13:25:48 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50007, Process: firefox.exe) 2014/03/17 13:25:56 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50029, Process: firefox.exe) 2014/03/17 13:25:56 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50030, Process: firefox.exe) 2014/03/17 13:26:04 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50043, Process: firefox.exe) 2014/03/17 13:26:12 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50057, Process: firefox.exe) 2014/03/17 13:26:12 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50058, Process: firefox.exe) 2014/03/17 13:26:28 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50086, Process: firefox.exe) 2014/03/17 13:26:36 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50104, Process: firefox.exe) 2014/03/17 13:26:44 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50139, Process: firefox.exe) 2014/03/17 13:26:44 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50140, Process: firefox.exe) 2014/03/17 13:26:52 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50162, Process: firefox.exe) 2014/03/17 13:27:33 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50192, Process: firefox.exe) 2014/03/17 13:27:33 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50193, Process: firefox.exe) 2014/03/17 13:56:08 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50223, Process: firefox.exe) 2014/03/17 13:56:08 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50224, Process: firefox.exe) 2014/03/17 13:56:24 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50252, Process: firefox.exe) 2014/03/17 13:57:12 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50277, Process: firefox.exe) 2014/03/17 13:57:12 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50279, Process: firefox.exe) 2014/03/17 13:57:20 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50299, Process: firefox.exe) 2014/03/17 13:57:28 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50323, Process: firefox.exe) 2014/03/17 13:57:28 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50324, Process: firefox.exe) 2014/03/17 13:57:52 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50369, Process: firefox.exe) 2014/03/17 13:57:52 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50371, Process: firefox.exe) 2014/03/17 13:59:04 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50396, Process: firefox.exe) 2014/03/17 13:59:04 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50397, Process: firefox.exe) 2014/03/17 14:03:12 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50458, Process: firefox.exe) 2014/03/17 14:07:21 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50485, Process: firefox.exe) 2014/03/17 14:07:21 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50486, Process: firefox.exe) 2014/03/17 14:07:45 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50500, Process: firefox.exe) 2014/03/17 14:07:45 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50501, Process: firefox.exe) 2014/03/17 14:08:09 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50525, Process: firefox.exe) 2014/03/17 14:08:41 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50541, Process: firefox.exe) 2014/03/17 14:09:13 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50584, Process: firefox.exe) 2014/03/17 14:09:13 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50585, Process: firefox.exe) 2014/03/17 14:09:29 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50606, Process: firefox.exe) 2014/03/17 14:09:29 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50608, Process: firefox.exe) 2014/03/17 14:09:29 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50611, Process: firefox.exe) 2014/03/17 14:09:29 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50612, Process: firefox.exe) 2014/03/17 14:10:17 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50659, Process: firefox.exe) 2014/03/17 14:10:17 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50661, Process: firefox.exe) 2014/03/17 14:12:09 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50676, Process: firefox.exe) 2014/03/17 14:12:09 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50677, Process: firefox.exe) 2014/03/17 14:12:17 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50687, Process: firefox.exe) 2014/03/17 14:12:17 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50688, Process: firefox.exe) 2014/03/17 14:14:01 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50696, Process: firefox.exe) 2014/03/17 14:14:01 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50703, Process: firefox.exe) 2014/03/17 14:14:01 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50704, Process: firefox.exe) 2014/03/17 14:14:09 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50711, Process: firefox.exe) 2014/03/17 14:14:09 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50712, Process: firefox.exe) 2014/03/17 14:14:17 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50721, Process: firefox.exe) 2014/03/17 14:14:25 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50727, Process: firefox.exe) 2014/03/17 14:14:25 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50728, Process: firefox.exe) 2014/03/17 14:14:26 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50735, Process: firefox.exe) 2014/03/17 14:14:26 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50736, Process: firefox.exe) 2014/03/17 14:14:58 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50744, Process: firefox.exe) 2014/03/17 14:14:58 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50745, Process: firefox.exe) 2014/03/17 14:14:58 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50752, Process: firefox.exe) 2014/03/17 14:14:58 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50753, Process: firefox.exe) 2014/03/17 14:15:14 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50779, Process: firefox.exe) 2014/03/17 14:15:14 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50781, Process: firefox.exe) 2014/03/17 14:16:10 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50815, Process: firefox.exe) 2014/03/17 14:16:10 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50816, Process: firefox.exe) 2014/03/17 14:16:18 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50830, Process: firefox.exe) 2014/03/17 14:16:18 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50831, Process: firefox.exe) 2014/03/17 14:16:50 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50873, Process: firefox.exe) 2014/03/17 14:16:50 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50874, Process: firefox.exe) 2014/03/17 14:17:38 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50893, Process: firefox.exe) 2014/03/17 14:17:38 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50894, Process: firefox.exe) 2014/03/17 14:20:42 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50913, Process: firefox.exe) 2014/03/17 14:20:42 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50914, Process: firefox.exe) 2014/03/17 14:20:42 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50916, Process: firefox.exe) 2014/03/17 14:23:39 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50944, Process: firefox.exe) 2014/03/17 14:23:39 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50945, Process: firefox.exe) 2014/03/17 14:23:47 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50963, Process: firefox.exe) 2014/03/17 14:23:47 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50964, Process: firefox.exe) 2014/03/17 14:23:55 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50991, Process: firefox.exe) 2014/03/17 14:24:11 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51016, Process: firefox.exe) 2014/03/17 14:24:19 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51035, Process: firefox.exe) 2014/03/17 14:24:19 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51036, Process: firefox.exe) 2014/03/17 14:24:35 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51056, Process: firefox.exe) 2014/03/17 14:24:43 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51080, Process: firefox.exe) 2014/03/17 14:25:47 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51091, Process: firefox.exe) 2014/03/17 14:25:55 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51098, Process: firefox.exe) 2014/03/17 14:25:55 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51101, Process: firefox.exe) 2014/03/17 14:26:19 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51112, Process: firefox.exe) 2014/03/17 14:26:19 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51113, Process: firefox.exe) 2014/03/17 14:26:19 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51116, Process: firefox.exe) 2014/03/17 14:26:19 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51117, Process: firefox.exe) 2014/03/17 14:26:27 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51120, Process: firefox.exe) 2014/03/17 14:26:27 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51121, Process: firefox.exe) 2014/03/17 14:26:35 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51128, Process: firefox.exe) 2014/03/17 14:26:43 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51135, Process: firefox.exe) 2014/03/17 14:26:43 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51136, Process: firefox.exe) 2014/03/17 14:26:43 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51139, Process: firefox.exe) 2014/03/17 14:26:51 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51148, Process: firefox.exe) 2014/03/17 14:27:07 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51157, Process: firefox.exe) 2014/03/17 14:27:16 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51163, Process: firefox.exe) 2014/03/17 14:27:16 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51164, Process: firefox.exe) 2014/03/17 14:27:24 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51168, Process: firefox.exe) 2014/03/17 14:27:24 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51169, Process: firefox.exe) 2014/03/17 14:27:40 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51191, Process: firefox.exe) 2014/03/17 14:28:04 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51205, Process: firefox.exe) 2014/03/17 14:28:04 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51206, Process: firefox.exe) 2014/03/17 14:28:04 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51207, Process: firefox.exe) 2014/03/17 14:28:12 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51220, Process: firefox.exe) 2014/03/17 14:28:12 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51221, Process: firefox.exe) 2014/03/17 14:30:12 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51237, Process: firefox.exe) 2014/03/17 14:30:20 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51258, Process: firefox.exe) 2014/03/17 14:30:20 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51259, Process: firefox.exe) 2014/03/17 14:30:28 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51265, Process: firefox.exe) 2014/03/17 14:30:28 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51266, Process: firefox.exe) 2014/03/17 14:32:20 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51293, Process: firefox.exe) 2014/03/17 14:32:20 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51294, Process: firefox.exe) 2014/03/17 14:32:28 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51318, Process: firefox.exe) 2014/03/17 14:32:28 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51319, Process: firefox.exe) 2014/03/17 14:32:36 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51325, Process: firefox.exe) 2014/03/17 14:32:36 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51326, Process: firefox.exe) 2014/03/17 14:32:52 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51351, Process: firefox.exe) 2014/03/17 14:32:52 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51353, Process: firefox.exe) 2014/03/17 14:33:25 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51371, Process: firefox.exe) 2014/03/17 14:33:25 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51372, Process: firefox.exe) 2014/03/17 14:33:33 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51377, Process: firefox.exe) 2014/03/17 14:33:33 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51378, Process: firefox.exe) 2014/03/17 14:33:41 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51380, Process: firefox.exe) 2014/03/17 14:33:41 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51381, Process: firefox.exe) 2014/03/17 14:33:49 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51384, Process: firefox.exe) 2014/03/17 14:33:49 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 51385, Process: firefox.exe) 2014/03/17 15:03:11 +0100 WES-PC Wes MESSAGE Starting protection 2014/03/17 15:03:11 +0100 WES-PC Wes MESSAGE Protection started successfully 2014/03/17 15:03:11 +0100 WES-PC Wes MESSAGE Starting IP protection 2014/03/17 15:03:24 +0100 WES-PC Wes MESSAGE IP Protection started successfully 2014/03/17 15:08:24 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49190, Process: firefox.exe) 2014/03/17 15:08:24 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49191, Process: firefox.exe) 2014/03/17 15:08:32 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49219, Process: firefox.exe) 2014/03/17 15:09:44 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49252, Process: firefox.exe) 2014/03/17 15:09:44 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49253, Process: firefox.exe) 2014/03/17 15:09:52 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49270, Process: firefox.exe) 2014/03/17 15:09:52 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49271, Process: firefox.exe) 2014/03/17 15:10:00 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49284, Process: firefox.exe) 2014/03/17 15:10:00 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49285, Process: firefox.exe) 2014/03/17 15:10:25 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49308, Process: firefox.exe) 2014/03/17 15:10:25 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49309, Process: firefox.exe) 2014/03/17 15:10:41 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49336, Process: firefox.exe) 2014/03/17 15:10:41 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49338, Process: firefox.exe) 2014/03/17 15:10:57 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49354, Process: firefox.exe) 2014/03/17 15:10:57 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49355, Process: firefox.exe) 2014/03/17 15:11:05 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49374, Process: firefox.exe) 2014/03/17 15:11:05 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49375, Process: firefox.exe) 2014/03/17 15:11:53 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49399, Process: firefox.exe) 2014/03/17 15:11:53 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49400, Process: firefox.exe) 2014/03/17 15:12:17 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49430, Process: firefox.exe) 2014/03/17 15:12:17 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49434, Process: firefox.exe) 2014/03/17 15:12:25 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49462, Process: firefox.exe) 2014/03/17 15:12:41 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49512, Process: firefox.exe) 2014/03/17 15:12:41 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49513, Process: firefox.exe) 2014/03/17 15:12:49 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49517, Process: firefox.exe) 2014/03/17 15:12:49 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49518, Process: firefox.exe) 2014/03/17 15:13:13 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49564, Process: firefox.exe) 2014/03/17 15:13:13 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49566, Process: firefox.exe) 2014/03/17 15:14:50 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49579, Process: firefox.exe) 2014/03/17 15:14:58 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49596, Process: firefox.exe) 2014/03/17 15:14:58 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49597, Process: firefox.exe) 2014/03/17 15:14:58 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49603, Process: firefox.exe) 2014/03/17 15:14:58 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49604, Process: firefox.exe) 2014/03/17 15:15:22 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49621, Process: firefox.exe) 2014/03/17 15:15:30 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49628, Process: firefox.exe) 2014/03/17 15:15:30 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49629, Process: firefox.exe) 2014/03/17 15:15:30 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49636, Process: firefox.exe) 2014/03/17 15:15:30 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49637, Process: firefox.exe) 2014/03/17 15:15:46 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49661, Process: firefox.exe) 2014/03/17 15:15:46 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49663, Process: firefox.exe) 2014/03/17 15:17:05 +0100 WES-PC Wes MESSAGE Starting database refresh 2014/03/17 15:17:05 +0100 WES-PC Wes MESSAGE Stopping IP protection 2014/03/17 15:17:05 +0100 WES-PC Wes MESSAGE IP Protection stopped successfully 2014/03/17 15:17:09 +0100 WES-PC Wes MESSAGE Database refreshed successfully 2014/03/17 15:17:09 +0100 WES-PC Wes MESSAGE Starting IP protection 2014/03/17 15:17:15 +0100 WES-PC Wes MESSAGE IP Protection started successfully 2014/03/17 15:49:04 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49709, Process: firefox.exe) 2014/03/17 15:49:04 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49711, Process: firefox.exe) 2014/03/17 15:49:20 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49741, Process: firefox.exe) 2014/03/17 15:50:48 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49767, Process: firefox.exe) 2014/03/17 15:50:48 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49769, Process: firefox.exe) 2014/03/17 15:50:56 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49788, Process: firefox.exe) 2014/03/17 15:50:56 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49789, Process: firefox.exe) 2014/03/17 15:51:04 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49808, Process: firefox.exe) 2014/03/17 15:51:04 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49809, Process: firefox.exe) 2014/03/17 15:51:12 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49819, Process: firefox.exe) 2014/03/17 15:51:12 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49820, Process: firefox.exe) 2014/03/17 15:51:28 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49827, Process: firefox.exe) 2014/03/17 15:51:28 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49829, Process: firefox.exe) 2014/03/17 15:51:28 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49837, Process: firefox.exe) 2014/03/17 15:51:45 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49873, Process: firefox.exe) 2014/03/17 15:53:45 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49891, Process: firefox.exe) 2014/03/17 15:53:45 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49892, Process: firefox.exe) 2014/03/17 15:53:45 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49894, Process: firefox.exe) 2014/03/17 15:53:45 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49902, Process: firefox.exe) 2014/03/17 15:54:25 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49912, Process: firefox.exe) 2014/03/17 15:54:25 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49921, Process: firefox.exe) 2014/03/17 15:54:25 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49922, Process: firefox.exe) 2014/03/17 15:54:41 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49930, Process: firefox.exe) 2014/03/17 15:54:41 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49931, Process: firefox.exe) 2014/03/17 15:54:41 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49939, Process: firefox.exe) 2014/03/17 15:54:41 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49940, Process: firefox.exe) 2014/03/17 15:54:57 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49959, Process: firefox.exe) 2014/03/17 15:54:57 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49961, Process: firefox.exe) 2014/03/17 15:56:33 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49988, Process: firefox.exe) 2014/03/17 15:56:33 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 49989, Process: firefox.exe) 2014/03/17 15:56:41 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50016, Process: firefox.exe) 2014/03/17 15:56:41 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50017, Process: firefox.exe) 2014/03/17 15:57:05 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50038, Process: firefox.exe) 2014/03/17 15:57:05 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50039, Process: firefox.exe) 2014/03/17 15:57:21 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50068, Process: firefox.exe) 2014/03/17 15:57:21 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50070, Process: firefox.exe) 2014/03/17 15:57:37 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50090, Process: firefox.exe) 2014/03/17 15:57:37 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50091, Process: firefox.exe) 2014/03/17 15:57:37 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50107, Process: firefox.exe) 2014/03/17 15:57:37 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50109, Process: firefox.exe) 2014/03/17 15:57:37 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50110, Process: firefox.exe) 2014/03/17 15:58:50 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50123, Process: firefox.exe) 2014/03/17 15:58:50 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50125, Process: firefox.exe) 2014/03/17 15:58:50 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50132, Process: firefox.exe) 2014/03/17 15:58:50 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50133, Process: firefox.exe) 2014/03/17 15:58:58 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50140, Process: firefox.exe) 2014/03/17 15:58:58 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50141, Process: firefox.exe) 2014/03/17 15:58:58 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50148, Process: firefox.exe) 2014/03/17 16:33:18 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50178, Process: firefox.exe) 2014/03/17 16:33:18 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50179, Process: firefox.exe) 2014/03/17 16:33:26 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50206, Process: firefox.exe) 2014/03/17 16:33:26 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50207, Process: firefox.exe) 2014/03/17 16:33:34 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50229, Process: firefox.exe) 2014/03/17 16:33:34 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50230, Process: firefox.exe) 2014/03/17 16:34:38 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50259, Process: firefox.exe) 2014/03/17 16:35:02 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50283, Process: firefox.exe) 2014/03/17 16:35:02 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50284, Process: firefox.exe) 2014/03/17 16:35:18 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50307, Process: firefox.exe) 2014/03/17 16:35:18 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50309, Process: firefox.exe) 2014/03/17 16:35:50 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50339, Process: firefox.exe) 2014/03/17 16:39:18 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50368, Process: firefox.exe) 2014/03/17 16:39:18 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50370, Process: firefox.exe) 2014/03/17 16:39:34 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50399, Process: firefox.exe) 2014/03/17 16:39:34 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50400, Process: firefox.exe) 2014/03/17 16:42:39 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50424, Process: firefox.exe) 2014/03/17 16:42:39 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50425, Process: firefox.exe) 2014/03/17 16:42:47 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50428, Process: firefox.exe) 2014/03/17 16:42:47 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50429, Process: firefox.exe) 2014/03/17 16:43:03 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50437, Process: firefox.exe) 2014/03/17 16:43:03 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50438, Process: firefox.exe) 2014/03/17 16:43:11 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50446, Process: firefox.exe) 2014/03/17 16:43:11 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50447, Process: firefox.exe) 2014/03/17 16:43:19 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50454, Process: firefox.exe) 2014/03/17 16:43:19 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50462, Process: firefox.exe) 2014/03/17 16:43:19 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50463, Process: firefox.exe) 2014/03/17 16:43:27 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50470, Process: firefox.exe) 2014/03/17 16:43:27 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50471, Process: firefox.exe) 2014/03/17 16:43:35 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50477, Process: firefox.exe) 2014/03/17 16:43:35 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50478, Process: firefox.exe) 2014/03/17 16:43:43 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50486, Process: firefox.exe) 2014/03/17 16:43:43 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50487, Process: firefox.exe) 2014/03/17 16:43:51 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50495, Process: firefox.exe) 2014/03/17 16:43:51 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50504, Process: firefox.exe) 2014/03/17 16:43:51 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50505, Process: firefox.exe) 2014/03/17 16:43:51 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50508, Process: firefox.exe) 2014/03/17 16:43:51 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50509, Process: firefox.exe) 2014/03/17 16:43:59 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50515, Process: firefox.exe) 2014/03/17 16:43:59 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50516, Process: firefox.exe) 2014/03/17 16:44:07 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50524, Process: firefox.exe) 2014/03/17 16:44:07 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50525, Process: firefox.exe) 2014/03/17 16:44:15 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50548, Process: firefox.exe) 2014/03/17 16:44:15 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50549, Process: firefox.exe) 2014/03/17 16:44:39 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50590, Process: firefox.exe) 2014/03/17 16:45:35 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50613, Process: firefox.exe) 2014/03/17 16:45:35 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50616, Process: firefox.exe) 2014/03/17 16:45:43 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50632, Process: firefox.exe) 2014/03/17 16:45:43 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50633, Process: firefox.exe) 2014/03/17 16:46:07 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50646, Process: firefox.exe) 2014/03/17 16:46:07 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50648, Process: firefox.exe) 2014/03/17 16:46:23 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50662, Process: firefox.exe) 2014/03/17 16:46:23 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50663, Process: firefox.exe) 2014/03/17 16:51:04 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50681, Process: firefox.exe) 2014/03/17 16:51:12 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50704, Process: firefox.exe) 2014/03/17 16:51:20 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50716, Process: firefox.exe) 2014/03/17 16:51:20 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50717, Process: firefox.exe) 2014/03/17 16:51:36 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50726, Process: firefox.exe) 2014/03/17 16:51:44 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50736, Process: firefox.exe) 2014/03/17 16:51:44 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50737, Process: firefox.exe) 2014/03/17 16:57:12 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50756, Process: firefox.exe) 2014/03/17 16:57:12 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50758, Process: firefox.exe) 2014/03/17 16:59:12 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50770, Process: firefox.exe) 2014/03/17 16:59:12 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50771, Process: firefox.exe) 2014/03/17 16:59:12 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50782, Process: firefox.exe) 2014/03/17 16:59:12 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50783, Process: firefox.exe) 2014/03/17 17:31:56 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50808, Process: firefox.exe) 2014/03/17 17:31:56 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50809, Process: firefox.exe) 2014/03/17 17:32:05 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50827, Process: firefox.exe) 2014/03/17 17:32:05 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50829, Process: firefox.exe) 2014/03/17 17:34:05 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50846, Process: firefox.exe) 2014/03/17 17:34:05 +0100 WES-PC Wes IP-BLOCK 5.153.38.132 (Type: outgoing, Port: 50848, Process: firefox.exe) Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.03.17.05 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 7.0.6001.18000 Wes :: WES-PC [Administrator] Schutz: Aktiviert 17.03.2014 15:17:48 mbam-log-2014-03-17 (15-17-48).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 204992 Laufzeit: 6 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.03.17.03 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 7.0.6001.18000 Wes :: WES-PC [Administrator] Schutz: Aktiviert 17.03.2014 15:16:30 mbam-log-2014-03-17 (15-16-30).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 21 Laufzeit: 4 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.03.17.01 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 7.0.6001.18000 Wes :: WES-PC [Administrator] Schutz: Aktiviert 17.03.2014 04:38:11 mbam-log-2014-03-17 (04-38-11).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 359737 Laufzeit: 1 Stunde(n), 34 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.03.17.01 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 7.0.6001.18000 Wes :: WES-PC [Administrator] Schutz: Aktiviert 17.03.2014 01:56:32 mbam-log-2014-03-17 (01-56-32).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 205616 Laufzeit: 6 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.03.12.06 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 7.0.6001.18000 Wes :: WES-PC [Administrator] Schutz: Aktiviert 17.03.2014 01:54:41 mbam-log-2014-03-17 (01-54-41).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 644 Laufzeit: 25 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) www.malwarebytes.org Datenbank Version: v2014.03.12.06 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 7.0.6001.18000 Wes :: WES-PC [Administrator] Schutz: Aktiviert 17.03.2014 01:18:58 mbam-log-2014-03-17 (01-18-58).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 33187 Laufzeit: 2 Minute(n), 12 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.03.12.06 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 7.0.6001.18000 Wes :: WES-PC [Administrator] Schutz: Aktiviert 15.03.2014 14:35:09 mbam-log-2014-03-15 (14-35-09).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 204345 Laufzeit: 6 Minute(n), 19 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Habs mehrfach durchlaufen lassen, daher die Wiederholungen. Automatische Weiterleitung hat sich übrigens gerade wieder gezeigt. (Muß im Übrigen gleich weg, werde erst später antworten können) |
17.03.2014, 17:43 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind Nochmal: die nächsten Logs bitte in CODE-Tags posten! Außerdem fehlt immer noch das andere FRST Log
__________________ --> Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind |
18.03.2014, 01:37 | #7 |
| Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind Hab den scan nochmal gemacht und das Häkchen bei additional scan hinzugefügt. Ich nehme an, das das folgende das ist, was noch gefehlt hat. Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01 Ran by Wes at 2014-03-18 01:33:45 Running from C:\Users\Wes\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== AAC Decoder (HKLM\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.) Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.) Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems) a-squared Free 4.5 (HKLM\...\a-squared Free_is1) (Version: 4.5 - Emsi Software GmbH) Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - ) AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - ) Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation) Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.13 - Piriform) Comodo HopSurf (HKLM\...\Comodo HopSurf Toolbar) (Version: 1.0.0.2 - Comodo Security Solutions, Inc.) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.) DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.0.0 - DivX, Inc.) DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.0.0 - DivX, Inc.) DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.0.0 - DivX, Inc.) DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.) DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.0.0.19 - DivX, Inc.) DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.2 - DivX,Inc.) DSL-Speedtest (HKLM\...\{5C98D841-6392-41F1-A80E-B1A741F32A95}) (Version: 1.00.0000 - COMPUTER BILD) Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.7 - ) Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung) Easy Network Manager 4.0 (HKLM\...\InstallShield_{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}) (Version: 4.0.0.13 - Samsung) Easy Network Manager 4.0 (Version: 4.0.0.13 - Samsung) Hidden Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.1.0 - ) Gemeinsam genutzte Internet-Komponenten von Westwood (HKLM\...\WOLAPI) (Version: - ) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden H.264 Decoder (HKLM\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.0.0 - DivX, Inc.) imagine digital freedom - Samsung (HKLM\...\{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}) (Version: 1.0.2.0 - Samsung Electronics Co., LTD) Intel PROSet Wireless (Version: - ) Hidden Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}) (Version: 12.00.2000 - Intel(R) Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.2.9.10 - IObit) Last.fm 1.5.4.24567 (HKLM\...\LastFM_is1) (Version: - Last.fm) MAGIX Screenshare (HKLM\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG) Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MKV Splitter (HKLM\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.0 - DivX, Inc.) Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) Mozilla Thunderbird 24.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla) MSN Toolbar (HKLM\...\{8FBC9407-713D-4B8A-98D2-57210DA56049}) (Version: 3.0.744.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) OnlineFotoservice (HKLM\...\OnlineFotoservice) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA) OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) PC Wizard 2008.1.871 (HKLM\...\PC Wizard 2008_is1) (Version: - Laurent KUTIL & Franck DELATTRE) PKR (HKLM\...\PKR) (Version: - PKR Ltd) PlayCamera (HKLM\...\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}) (Version: 1.0.1.7 - ) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5605 - Realtek Semiconductor Corp.) Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.00 - Samsung Electronics Co., LTD) Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.6 - Samsung) Samsung Update Plus (HKLM\...\InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}) (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Samsung Update Plus (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Hidden Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 1.0.00.14080 - Sony Corporation) Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.0 - Safer Networking Limited) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics) Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - ) VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden Vimicro UVC Camera (HKLM\...\{71A51B09-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation) VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) Wartung Samsung ML-1660 Series (HKLM\...\Samsung ML-1660 Series) (Version: - Samsung Electronics Co., Ltd.) WIDCOMM Bluetooth Software 6.0.1.6300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6300 - WIDCOMM, Inc.) Winamp (HKLM\...\Winamp) (Version: 5.601 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Winmail Opener 1.4 (HKLM\...\Winmail Opener) (Version: 1.4 - Eolsoft) ZoneAlarm Toolbar (Version: - Check Point Software Technologies) Hidden ==================== Restore Points ========================= 05-03-2014 11:52:48 Geplanter Prüfpunkt 06-03-2014 11:37:24 Geplanter Prüfpunkt 10-03-2014 12:46:02 Geplanter Prüfpunkt 11-03-2014 12:07:19 Geplanter Prüfpunkt 12-03-2014 02:16:34 Windows Update 13-03-2014 12:42:57 Geplanter Prüfpunkt 14-03-2014 11:00:26 Windows Update 15-03-2014 14:06:31 Geplanter Prüfpunkt 17-03-2014 03:32:02 Revo Uninstaller's restore point - Comodo HopSurf 17-03-2014 10:44:32 Removed Java 7 Update 25 17-03-2014 12:21:00 Removed COMODO livePCsupport ==================== Hosts content: ========================== 2006-11-02 11:23 - 2014-03-17 03:33 - 00450757 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1001namen.com 127.0.0.1 1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 100sexlinks.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {0E935E62-1D7B-4E30-AB0D-2807DA10CB83} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-04] (Samsung Electronics Co., Ltd.) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {23778673-6685-49B3-BEBB-4B9FA1BBA642} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-19] (Google Inc.) Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {4430BC74-0F34-4E50-BC6B-F50861458A9D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated) Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {70123431-D3B0-44E9-8554-1A05B93730AD} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2008-05-22] (SAMSUNG Electronics) Task: {90255043-B028-41AF-B007-6EED10787515} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-04-17] (SAMSUNG Electronics co., LTD.) Task: {9F6C35C3-D046-4518-8C23-0A3649E798E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-19] (Google Inc.) Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries Task: {BC918486-39FE-4CFE-BFD2-05C89247C781} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-03-17] (IObit) Task: {C6D1C84C-0891-4E7E-B2D4-8B200E31F411} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2008-04-25] (Samsung Electronics Co., Ltd.) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-06-22 05:47 - 2009-08-10 08:07 - 00026624 _____ () C:\Windows\System32\ssp7ml3.dll 2014-02-24 14:15 - 2014-02-14 11:00 - 00394808 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll 2008-09-12 05:03 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll 2008-09-12 05:03 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll 2008-09-12 05:02 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll 2013-08-27 12:44 - 2010-01-06 08:03 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe 2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll 2008-05-13 01:13 - 2008-05-13 01:13 - 00085672 _____ () C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Wes\Desktop\prim.mpg:TOC.WMV ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/18/2014 01:03:39 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/17/2014 03:04:21 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/17/2014 00:44:19 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/17/2014 00:37:16 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung Gmer-19357.exe, Version 2.1.19357.0, Zeitstempel 0x52e7ea83, fehlerhaftes Modul Gmer-19357.exe, Version 2.1.19357.0, Zeitstempel 0x52e7ea83, Ausnahmecode 0xc0000005, Fehleroffset 0x00012298, Prozess-ID 0x72c, Anwendungsstartzeit Gmer-19357.exe0. Error: (03/17/2014 11:58:52 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/17/2014 11:35:49 AM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung firefox.exe, Version 27.0.1.5156, Zeitstempel 0x52fc0faa, fehlerhaftes Modul xul.dll, Version 27.0.1.5156, Zeitstempel 0x52fc0f79, Ausnahmecode 0xc0000005, Fehleroffset 0x001560c7, Prozess-ID 0xfd0, Anwendungsstartzeit firefox.exe0. Error: (03/17/2014 04:31:59 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005. Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {9d4116c3-fe82-446b-91dd-301528da887d} System errors: ============= Error: (03/18/2014 01:04:41 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (03/18/2014 01:03:40 AM) (Source: Service Control Manager) (User: ) Description: DgiVecp%%2 Error: (03/18/2014 01:03:40 AM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (03/18/2014 01:03:40 AM) (Source: Service Control Manager) (User: ) Description: ZoneAlarm Toolbar IswSvcZoneAlarm Toolbar ISWKL%%3 Error: (03/18/2014 01:03:40 AM) (Source: Service Control Manager) (User: ) Description: ZoneAlarm Toolbar ISWKL%%3 Error: (03/18/2014 01:02:00 AM) (Source: HTTP) (User: ) Description: \Device\Http\ReqQueueKerberos Error: (03/17/2014 03:05:18 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (03/17/2014 03:04:22 PM) (Source: Service Control Manager) (User: ) Description: DgiVecp%%2 Error: (03/17/2014 03:04:22 PM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (03/17/2014 03:04:22 PM) (Source: Service Control Manager) (User: ) Description: ZoneAlarm Toolbar IswSvcZoneAlarm Toolbar ISWKL%%3 Microsoft Office Sessions: ========================= Error: (03/18/2014 01:03:39 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/17/2014 03:04:21 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/17/2014 00:44:19 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/17/2014 00:37:16 PM) (Source: Application Error)(User: ) Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c00000050001229872c01cf41d5016e3f97 Error: (03/17/2014 11:58:52 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/17/2014 11:35:49 AM) (Source: Application Error)(User: ) Description: firefox.exe27.0.1.515652fc0faaxul.dll27.0.1.515652fc0f79c0000005001560c7fd001cf41cba5ff81dd Error: (03/17/2014 04:31:59 AM) (Source: VSS)(User: ) Description: 0x80070005 Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {9d4116c3-fe82-446b-91dd-301528da887d} CodeIntegrity Errors: =================================== Date: 2014-03-18 01:33:28.952 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-18 01:33:28.796 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-18 01:33:28.640 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-18 01:33:28.484 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-18 01:33:28.297 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-18 01:33:28.141 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-18 01:33:27.969 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-18 01:33:27.798 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-17 16:48:43.258 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-17 16:48:43.117 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 34% Total physical RAM: 3065.87 MB Available physical RAM: 1994.58 MB Total Pagefile: 6356.15 MB Available Pagefile: 5179.68 MB Total Virtual: 2047.88 MB Available Virtual: 1913.54 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:144.09 GB) (Free:50.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:144 GB) (Free:137.11 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: 0201FF32) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
18.03.2014, 07:02 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind Adware/Junkware/Toolbars entfernen 1. Schritt: adwCleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
18.03.2014, 12:25 | #9 |
| Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfindCode:
ATTFilter # AdwCleaner v3.022 - Bericht erstellt am 18/03/2014 um 12:10:20 # Aktualisiert 13/03/2014 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits) # Benutzername : Wes - WES-PC # Gestartet von : C:\Users\Wes\Desktop\adwcleaner_3.022.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v7.0.6001.18602 -\\ Mozilla Firefox v27.0.1 (de) [ Datei : C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\prefs.js ] ************************* AdwCleaner[R0].txt - [20507 octets] - [13/03/2014 01:12:19] AdwCleaner[R1].txt - [927 octets] - [13/03/2014 01:21:27] AdwCleaner[R2].txt - [1051 octets] - [17/03/2014 11:53:31] AdwCleaner[R3].txt - [1172 octets] - [18/03/2014 12:08:32] AdwCleaner[S0].txt - [20529 octets] - [13/03/2014 01:14:43] AdwCleaner[S1].txt - [987 octets] - [13/03/2014 01:22:58] AdwCleaner[S2].txt - [1113 octets] - [17/03/2014 11:56:00] AdwCleaner[S3].txt - [1094 octets] - [18/03/2014 12:10:20] ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1154 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.2 (02.20.2014:1) OS: Windows Vista (TM) Home Premium x86 Ran by Wes on 18.03.2014 at 12:15:05,17 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted the following from C:\Users\Wes\AppData\Roaming\mozilla\firefox\profiles\8lsw7d9v.default\prefs.js user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.name", "HDvid-Codec V9.0"); Emptied folder: C:\Users\Wes\AppData\Roaming\mozilla\firefox\profiles\8lsw7d9v.default\minidumps [2 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 18.03.2014 at 12:19:27,33 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Wes (administrator) on WES-PC on 18-03-2014 12:24:20 Running from C:\Users\Wes\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 7 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Emsi Software GmbH) C:\Program Files\a-squared Free\a2service.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe () C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [ISW] - [X] HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-01-06] () HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter Startup: C:\Users\Wes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bing.com HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit) BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.) Toolbar: HKLM - MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.) Toolbar: HKLM - HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll No File Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default FF DefaultSearchEngine: StartWeb FF SelectedSearchEngine: StartWeb FF Homepage: https://www.google.de/ FF NetworkProxy: "ftp", "46.22.173.9" FF NetworkProxy: "ftp_port", 3128 FF NetworkProxy: "http", "46.22.173.9" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "46.22.173.9" FF NetworkProxy: "socks_port", 3128 FF NetworkProxy: "ssl", "46.22.173.9" FF NetworkProxy: "ssl_port", 3128 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: HDvid-Codec V9.0 - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com [2014-03-08] FF Extension: DownloadHelper - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-27] FF Extension: Stealthy - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\stealthyextension@gmail.com.xpi [2011-08-31] FF Extension: GrabRez - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\{0602868e-3e6e-4d93-81e8-5b2290f620ba}.xpi [2014-03-05] FF Extension: Adblock Plus - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-28] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{1DA0528B-1DD8-4167-BFAF-E0EF94939F93}] - C:\Program Files\Comodo\HopSurfToolbar\hopsurfext_ff3_5 FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker ========================== Services (Whitelisted) ================= R2 a2free; C:\Program Files\a-squared Free\a2service.exe [719392 2009-07-13] (Emsi Software GmbH) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG) S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-03-17] (IObit) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] () S2 IswSvc; "C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe" [X] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-02-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-14] (Avira Operations GmbH & Co. KG) S3 cpuz129; C:\Program Files\PC Wizard 2008\pcwiz32.sys [9600 2008-01-25] (Windows (R) Codename Longhorn DDK provider) R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-09-12] (SAMSUNG ELECTRONICS CO., LTD.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-14] (Avira GmbH) R1 tStLibG; C:\Windows\System32\drivers\tStLibG.sys [55224 2014-03-02] (StdLib) R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [242048 2008-06-05] (Vimicro Corporation) S3 cpuz132; \??\C:\Users\Wes\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X] S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S2 ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 vsdatant7; System32\drivers\vsdatant.win7.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-18 12:24 - 2014-03-18 12:24 - 00012822 _____ () C:\Users\Wes\Desktop\FRST.txt 2014-03-18 12:19 - 2014-03-18 12:19 - 00001015 _____ () C:\Users\Wes\Desktop\JRT.txt 2014-03-17 12:44 - 2014-03-17 12:44 - 00138832 _____ () C:\Windows\Minidump\Mini031714-01.dmp 2014-03-17 12:42 - 2014-03-17 12:44 - 223734794 _____ () C:\Windows\MEMORY.DMP 2014-03-17 12:34 - 2014-03-17 12:34 - 00380416 _____ () C:\Users\Wes\Desktop\Gmer-19357.exe 2014-03-17 12:32 - 2014-03-17 12:32 - 01145856 _____ (Farbar) C:\Users\Wes\Desktop\FRST.exe 2014-03-17 12:29 - 2014-03-17 12:29 - 00000000 _____ () C:\Users\Wes\defogger_reenable 2014-03-17 12:28 - 2014-03-17 12:28 - 00050477 _____ () C:\Users\Wes\Desktop\Defogger.exe 2014-03-17 11:43 - 2014-02-13 14:32 - 00000426 _____ () C:\AVScanner.ini 2014-03-17 11:35 - 2014-03-17 11:35 - 01950720 _____ () C:\Users\Wes\Desktop\adwcleaner_3.022.exe 2014-03-17 04:24 - 2014-03-17 04:24 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\arkill.exe 2014-03-17 04:11 - 2014-03-17 11:41 - 00000000 ____D () C:\ProgramData\IObit 2014-03-17 04:11 - 2014-03-17 04:11 - 00001045 _____ () C:\Users\Wes\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2014-03-17 04:11 - 2014-03-17 04:11 - 00001021 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk 2014-03-17 04:11 - 2014-03-17 04:11 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\ProductData 2014-03-17 04:10 - 2014-03-17 04:11 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\IObit 2014-03-17 04:10 - 2014-03-17 04:11 - 00000000 ____D () C:\ProgramData\ProductData 2014-03-17 04:10 - 2014-03-17 04:11 - 00000000 ____D () C:\Program Files\IObit 2014-03-17 04:10 - 2014-03-17 04:10 - 12569408 _____ (IObit) C:\Users\Wes\Desktop\iobituninstaller_3.2.0.128.exe 2014-03-17 04:06 - 2014-03-17 04:06 - 00001802 _____ () C:\sc-cleaner.txt 2014-03-17 04:05 - 2014-03-17 04:05 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\sc-cleaner.exe 2014-03-17 03:50 - 2014-03-17 03:50 - 00000000 ____D () C:\Windows\ERUNT 2014-03-17 03:49 - 2014-03-17 03:49 - 01037734 _____ (Thisisu) C:\Users\Wes\Desktop\JRT.exe 2014-03-17 03:38 - 2014-03-17 03:38 - 00016372 _____ () C:\Users\Wes\Desktop\E4K+_CHd.htm 2014-03-17 03:33 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140317-033333.backup 2014-03-17 03:32 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140317-033248.backup 2014-03-13 01:12 - 2014-03-18 12:10 - 00000000 ____D () C:\AdwCleaner 2014-03-13 00:43 - 2014-03-18 12:24 - 00000000 ____D () C:\FRST 2014-03-12 04:02 - 2014-03-12 04:02 - 25578720 _____ (Microsoft Corporation) C:\Users\Wes\Desktop\Windows-KB890830-V5.10.exe 2014-03-12 03:21 - 2014-03-12 03:24 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-12 03:18 - 2014-03-12 03:18 - 00274502 _____ () C:\Windows\msxml4-KB954430-enu.LOG 2014-03-12 03:17 - 2014-03-12 03:17 - 00281462 _____ () C:\Windows\msxml4-KB973688-enu.LOG 2014-03-12 03:17 - 2014-03-12 03:17 - 00000000 ____D () C:\Program Files\MSXML 4.0 2014-03-12 03:14 - 2011-07-06 15:56 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2014-03-12 03:14 - 2011-06-02 13:59 - 02042368 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-12 03:14 - 2011-05-02 16:58 - 00738816 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-03-12 03:14 - 2011-04-29 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2014-03-12 03:14 - 2011-04-29 13:49 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2014-03-12 03:14 - 2011-04-29 13:49 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2014-03-12 03:14 - 2011-04-29 13:49 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2014-03-12 03:14 - 2011-04-21 14:16 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-03-12 03:14 - 2011-04-20 15:47 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2014-03-12 03:14 - 2011-04-20 15:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2014-03-12 03:14 - 2011-04-14 15:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys 2014-03-12 03:14 - 2010-12-20 16:39 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-03-12 03:13 - 2011-04-29 15:54 - 00276992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-03-06 00:13 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140306-001303.backup 2014-03-05 04:51 - 2014-03-05 04:51 - 00613200 _____ (Chip Digital GmbH) C:\Users\Wes\Desktop\AdwCleaner - CHIP-Downloader.exe 2014-03-05 04:16 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140305-041616.backup 2014-03-02 01:42 - 2014-03-02 01:42 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\tStLibG.sys 2014-02-24 14:21 - 2014-02-24 14:21 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\Avira 2014-02-24 14:15 - 2014-02-24 14:15 - 00001847 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\ProgramData\Avira 2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\Program Files\Avira 2014-02-24 14:15 - 2014-02-14 11:00 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-02-24 14:15 - 2014-02-14 11:00 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-02-24 14:15 - 2014-02-14 11:00 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-02-24 14:15 - 2014-02-14 11:00 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys ==================== One Month Modified Files and Folders ======= 2014-03-18 12:24 - 2014-03-18 12:24 - 00012822 _____ () C:\Users\Wes\Desktop\FRST.txt 2014-03-18 12:24 - 2014-03-13 00:43 - 00000000 ____D () C:\FRST 2014-03-18 12:19 - 2014-03-18 12:19 - 00001015 _____ () C:\Users\Wes\Desktop\JRT.txt 2014-03-18 12:15 - 2009-01-17 01:10 - 02027075 _____ () C:\Windows\WindowsUpdate.log 2014-03-18 12:12 - 2009-01-17 00:30 - 00136265 _____ () C:\ProgramData\nvModes.001 2014-03-18 12:11 - 2013-09-19 12:29 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-18 12:11 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-18 12:11 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-18 12:11 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-18 12:10 - 2014-03-13 01:12 - 00000000 ____D () C:\AdwCleaner 2014-03-18 12:10 - 2008-09-12 20:41 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-03-18 12:10 - 2006-11-02 14:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-18 04:56 - 2012-05-03 11:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-18 04:39 - 2013-09-19 12:29 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-17 13:21 - 2010-04-24 01:02 - 00000000 ____D () C:\Program Files\Comodo 2014-03-17 12:44 - 2014-03-17 12:44 - 00138832 _____ () C:\Windows\Minidump\Mini031714-01.dmp 2014-03-17 12:44 - 2014-03-17 12:42 - 223734794 _____ () C:\Windows\MEMORY.DMP 2014-03-17 12:44 - 2009-05-25 09:55 - 00000000 ____D () C:\Windows\Minidump 2014-03-17 12:34 - 2014-03-17 12:34 - 00380416 _____ () C:\Users\Wes\Desktop\Gmer-19357.exe 2014-03-17 12:32 - 2014-03-17 12:32 - 01145856 _____ (Farbar) C:\Users\Wes\Desktop\FRST.exe 2014-03-17 12:29 - 2014-03-17 12:29 - 00000000 _____ () C:\Users\Wes\defogger_reenable 2014-03-17 12:29 - 2009-02-04 12:00 - 00000000 ____D () C:\Users\Wes 2014-03-17 12:28 - 2014-03-17 12:28 - 00050477 _____ () C:\Users\Wes\Desktop\Defogger.exe 2014-03-17 11:57 - 2011-12-31 11:06 - 00668032 _____ () C:\Windows\PFRO.log 2014-03-17 11:46 - 2012-04-09 18:01 - 00000000 ____D () C:\Westwood 2014-03-17 11:41 - 2014-03-17 04:11 - 00000000 ____D () C:\ProgramData\IObit 2014-03-17 11:35 - 2014-03-17 11:35 - 01950720 _____ () C:\Users\Wes\Desktop\adwcleaner_3.022.exe 2014-03-17 04:24 - 2014-03-17 04:24 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\arkill.exe 2014-03-17 04:11 - 2014-03-17 04:11 - 00001045 _____ () C:\Users\Wes\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2014-03-17 04:11 - 2014-03-17 04:11 - 00001021 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk 2014-03-17 04:11 - 2014-03-17 04:11 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\ProductData 2014-03-17 04:11 - 2014-03-17 04:10 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\IObit 2014-03-17 04:11 - 2014-03-17 04:10 - 00000000 ____D () C:\ProgramData\ProductData 2014-03-17 04:11 - 2014-03-17 04:10 - 00000000 ____D () C:\Program Files\IObit 2014-03-17 04:10 - 2014-03-17 04:10 - 12569408 _____ (IObit) C:\Users\Wes\Desktop\iobituninstaller_3.2.0.128.exe 2014-03-17 04:06 - 2014-03-17 04:06 - 00001802 _____ () C:\sc-cleaner.txt 2014-03-17 04:05 - 2014-03-17 04:05 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\sc-cleaner.exe 2014-03-17 03:50 - 2014-03-17 03:50 - 00000000 ____D () C:\Windows\ERUNT 2014-03-17 03:49 - 2014-03-17 03:49 - 01037734 _____ (Thisisu) C:\Users\Wes\Desktop\JRT.exe 2014-03-17 03:44 - 2009-03-09 21:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-17 03:38 - 2014-03-17 03:38 - 00016372 _____ () C:\Users\Wes\Desktop\E4K+_CHd.htm 2014-03-12 04:20 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-03-12 04:02 - 2014-03-12 04:02 - 25578720 _____ (Microsoft Corporation) C:\Users\Wes\Desktop\Windows-KB890830-V5.10.exe 2014-03-12 03:37 - 2009-01-17 00:29 - 00136265 _____ () C:\ProgramData\nvModes.dat 2014-03-12 03:34 - 2006-11-02 13:47 - 00395824 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-12 03:27 - 2009-02-20 11:40 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-03-12 03:24 - 2014-03-12 03:21 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-12 03:18 - 2014-03-12 03:18 - 00274502 _____ () C:\Windows\msxml4-KB954430-enu.LOG 2014-03-12 03:17 - 2014-03-12 03:17 - 00281462 _____ () C:\Windows\msxml4-KB973688-enu.LOG 2014-03-12 03:17 - 2014-03-12 03:17 - 00000000 ____D () C:\Program Files\MSXML 4.0 2014-03-12 02:56 - 2012-05-03 11:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-03-12 02:56 - 2011-05-20 11:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-03-07 01:53 - 2009-12-14 14:37 - 00000000 ____D () C:\Users\Wes\Desktop\Dokumente 2014-03-05 17:10 - 2008-09-11 16:11 - 00000000 ____D () C:\Windows\de-DE 2014-03-05 12:20 - 2012-12-20 14:46 - 00000906 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-05 12:20 - 2011-08-11 00:38 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-05 04:51 - 2014-03-05 04:51 - 00613200 _____ (Chip Digital GmbH) C:\Users\Wes\Desktop\AdwCleaner - CHIP-Downloader.exe 2014-03-04 04:39 - 2012-05-03 14:21 - 00000000 ____D () C:\Program Files\PKR 2014-03-02 14:03 - 2006-11-02 11:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-03-02 01:42 - 2014-03-02 01:42 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\tStLibG.sys 2014-02-24 14:21 - 2014-02-24 14:21 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\Avira 2014-02-24 14:15 - 2014-02-24 14:15 - 00001847 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\ProgramData\Avira 2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\Program Files\Avira 2014-02-24 13:54 - 2012-12-20 18:05 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-02-23 20:12 - 2006-11-02 11:23 - 00002577 _____ () C:\Windows\system32\config.nt 2014-02-16 15:08 - 2011-12-02 14:58 - 00000000 ____D () C:\Users\Wes\Documents\MAGIX_MxTray 2014-02-16 15:08 - 2011-12-02 14:49 - 00000000 ____D () C:\ProgramData\MAGIX Some content of TEMP: ==================== C:\Users\Wes\AppData\Local\Temp\avgnt.exe C:\Users\Wes\AppData\Local\Temp\promote-upx.exe C:\Users\Wes\AppData\Local\Temp\Quarantine.exe C:\Users\Wes\AppData\Local\Temp\Uninst.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-18 12:18 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01 Ran by Wes at 2014-03-18 12:25:08 Running from C:\Users\Wes\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== AAC Decoder (HKLM\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.) Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.) Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems) a-squared Free 4.5 (HKLM\...\a-squared Free_is1) (Version: 4.5 - Emsi Software GmbH) Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - ) AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - ) Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation) Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.13 - Piriform) Comodo HopSurf (HKLM\...\Comodo HopSurf Toolbar) (Version: 1.0.0.2 - Comodo Security Solutions, Inc.) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.) DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.0.0 - DivX, Inc.) DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.0.0 - DivX, Inc.) DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.0.0 - DivX, Inc.) DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.) DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.0.0.19 - DivX, Inc.) DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.2 - DivX,Inc.) DSL-Speedtest (HKLM\...\{5C98D841-6392-41F1-A80E-B1A741F32A95}) (Version: 1.00.0000 - COMPUTER BILD) Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.7 - ) Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung) Easy Network Manager 4.0 (HKLM\...\InstallShield_{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}) (Version: 4.0.0.13 - Samsung) Easy Network Manager 4.0 (Version: 4.0.0.13 - Samsung) Hidden Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.1.0 - ) Gemeinsam genutzte Internet-Komponenten von Westwood (HKLM\...\WOLAPI) (Version: - ) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden H.264 Decoder (HKLM\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.0.0 - DivX, Inc.) imagine digital freedom - Samsung (HKLM\...\{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}) (Version: 1.0.2.0 - Samsung Electronics Co., LTD) Intel PROSet Wireless (Version: - ) Hidden Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}) (Version: 12.00.2000 - Intel(R) Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.2.9.10 - IObit) Last.fm 1.5.4.24567 (HKLM\...\LastFM_is1) (Version: - Last.fm) MAGIX Screenshare (HKLM\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG) Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MKV Splitter (HKLM\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.0 - DivX, Inc.) Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) Mozilla Thunderbird 24.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla) MSN Toolbar (HKLM\...\{8FBC9407-713D-4B8A-98D2-57210DA56049}) (Version: 3.0.744.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) OnlineFotoservice (HKLM\...\OnlineFotoservice) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA) OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) PC Wizard 2008.1.871 (HKLM\...\PC Wizard 2008_is1) (Version: - Laurent KUTIL & Franck DELATTRE) PKR (HKLM\...\PKR) (Version: - PKR Ltd) PlayCamera (HKLM\...\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}) (Version: 1.0.1.7 - ) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5605 - Realtek Semiconductor Corp.) Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.00 - Samsung Electronics Co., LTD) Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.6 - Samsung) Samsung Update Plus (HKLM\...\InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}) (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Samsung Update Plus (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Hidden Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 1.0.00.14080 - Sony Corporation) Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.0 - Safer Networking Limited) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics) Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - ) VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden Vimicro UVC Camera (HKLM\...\{71A51B09-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation) VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) Wartung Samsung ML-1660 Series (HKLM\...\Samsung ML-1660 Series) (Version: - Samsung Electronics Co., Ltd.) WIDCOMM Bluetooth Software 6.0.1.6300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6300 - WIDCOMM, Inc.) Winamp (HKLM\...\Winamp) (Version: 5.601 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Winmail Opener 1.4 (HKLM\...\Winmail Opener) (Version: 1.4 - Eolsoft) ZoneAlarm Toolbar (Version: - Check Point Software Technologies) Hidden ==================== Restore Points ========================= 05-03-2014 11:52:48 Geplanter Prüfpunkt 06-03-2014 11:37:24 Geplanter Prüfpunkt 10-03-2014 12:46:02 Geplanter Prüfpunkt 11-03-2014 12:07:19 Geplanter Prüfpunkt 12-03-2014 02:16:34 Windows Update 13-03-2014 12:42:57 Geplanter Prüfpunkt 14-03-2014 11:00:26 Windows Update 15-03-2014 14:06:31 Geplanter Prüfpunkt 17-03-2014 03:32:02 Revo Uninstaller's restore point - Comodo HopSurf 17-03-2014 10:44:32 Removed Java 7 Update 25 17-03-2014 12:21:00 Removed COMODO livePCsupport ==================== Hosts content: ========================== 2006-11-02 11:23 - 2014-03-17 03:33 - 00450757 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1001namen.com 127.0.0.1 1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 100sexlinks.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {0E935E62-1D7B-4E30-AB0D-2807DA10CB83} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-04] (Samsung Electronics Co., Ltd.) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {23778673-6685-49B3-BEBB-4B9FA1BBA642} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-19] (Google Inc.) Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {4430BC74-0F34-4E50-BC6B-F50861458A9D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated) Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {70123431-D3B0-44E9-8554-1A05B93730AD} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2008-05-22] (SAMSUNG Electronics) Task: {90255043-B028-41AF-B007-6EED10787515} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-04-17] (SAMSUNG Electronics co., LTD.) Task: {9F6C35C3-D046-4518-8C23-0A3649E798E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-19] (Google Inc.) Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries Task: {BC918486-39FE-4CFE-BFD2-05C89247C781} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-03-17] (IObit) Task: {C6D1C84C-0891-4E7E-B2D4-8B200E31F411} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2008-04-25] (Samsung Electronics Co., Ltd.) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-06-22 05:47 - 2009-08-10 08:07 - 00026624 _____ () C:\Windows\System32\ssp7ml3.dll 2014-02-24 14:15 - 2014-02-14 11:00 - 00394808 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll 2008-09-12 05:03 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll 2008-09-12 05:03 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll 2013-08-27 12:44 - 2010-01-06 08:03 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe 2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll 2008-05-13 01:13 - 2008-05-13 01:13 - 00085672 _____ () C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe 2014-02-15 00:39 - 2014-02-15 00:39 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Wes\Desktop\prim.mpg:TOC.WMV ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-03-18 12:24:51.988 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-18 12:24:51.832 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-18 12:24:51.692 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-18 12:24:51.536 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-18 12:24:51.364 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-18 12:24:51.224 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-18 12:24:51.052 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-18 12:24:50.865 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-18 01:42:45.051 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-18 01:42:44.895 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 42% Total physical RAM: 3065.87 MB Available physical RAM: 1761.79 MB Total Pagefile: 6352.15 MB Available Pagefile: 4976.26 MB Total Virtual: 2047.88 MB Available Virtual: 1913.52 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:144.09 GB) (Free:51.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:144 GB) (Free:137.11 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: 0201FF32) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
18.03.2014, 13:21 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM) Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
18.03.2014, 15:29 | #11 |
| Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfindCode:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.03.18.05 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 7.0.6001.18000 Wes :: WES-PC [Administrator] Schutz: Aktiviert 18.03.2014 13:41:29 mbam-log-2014-03-18 (13-41-29).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 205144 Laufzeit: 6 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=44591c0781ca874c81244a5a42b20ac6 # engine=17492 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-03-18 02:08:04 # local_time=2014-03-18 03:08:04 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6001 NT Service Pack 1 # compatibility_mode=1799 16775165 100 95 14383 2783238 7137 0 # compatibility_mode=5892 16776574 100 100 83707337 232684412 0 0 # scanned=158529 # found=5 # cleaned=0 # scan_time=4389 sh=82C66E4B2AC1D28463CE68E66FB7B25CF1FD2851 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen2.zip" sh=9BD75086EEBC374A43CC37171086F7E34430D7C0 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen3.zip" sh=82C66E4B2AC1D28463CE68E66FB7B25CF1FD2851 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen2.zip" sh=9BD75086EEBC374A43CC37171086F7E34430D7C0 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen3.zip" sh=463AF2DEB2EC8D5C6AA9BDD0F6B4B373A6B24D58 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2010-4452.J trojan" ac=I fn="C:\Users\Wes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\5ab40f57-21a19288" |
18.03.2014, 15:48 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind Nur Reste, alte Funde in der Spybot-Q und in Cache/Temp TFC - Temp File Cleaner Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ist aber nur optional. Um Usertracking zu verhindern kann man gut die Firefox-Erweiterung Ghostery verwenden. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
19.03.2014, 01:22 | #13 |
| Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind Hab alles gemacht incl. temp file cleaner. Leider besteht das Problem weiterhin! Gestern hat mir meine Frau erzählt - sie benutzt ihren Rechner nur sehr selten - dass auch bei ihr diese Seiten aufpoppen. (windows 7). Sie hat es für "nervige Werbung" gehalten und wenig drauf gegeben, ist nun allerdings besorgt. It-Experten in ihrer Firma meinten heute, man sollte einen Browser-Cleaner einsetzen - notfalls firefox plattmachen und neu installieren und das Problem sei gelöst. Die spannende Frage ist ohnehin, weshalb hat sie das selbe Problem und wie fängt man sich diese malware überhaupt? (Unsere Rechner haben keine Verbindung) |
19.03.2014, 12:10 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind Erstell dir mal ein neues Profil und teste => http://support.mozilla.com/de/kb/Profile%20verwalten
__________________ Logfiles bitte immer in CODE-Tags posten |
19.03.2014, 14:26 | #15 |
| Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind Ich hab in einem englischsprachigen Forum die Lösung gefunden. Die Schadsoftware ist ein add on (so wie der nützliche Werbeblocker). Den bekommt man weg, indem man bei firefox auf "auf Standardeinstellung zurücksetzen" klickt. Alle add ons sind dann weg, die Guten, als auch die Schädlichen, die Gewünschten muss man eben neu draufpacken und alles ist wieder paletti. Gleichwohl vielen Dank für die Unterstützung, die sonstige malware bin ich dank deiner Hilfe ja auch los. |
Themen zu Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind |
adobe, antivir, avast, avira, defender, explorer, firefox, flash player, ftp, helper, home, homepage, mozilla, registry, rundll, safer networking, security, server, services.exe, software, svchost.exe, system, temp, vista, windows, winlogon.exe |