Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind

Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind


Log-Analyse und Auswertung: Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 18.03.2014, 12:25   #9
JamesT
 
Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind - Standard

Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind


Code:
ATTFilter
# AdwCleaner v3.022 - Bericht erstellt am 18/03/2014 um 12:10:20
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzername : Wes - WES-PC
# Gestartet von : C:\Users\Wes\Desktop\adwcleaner_3.022.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v7.0.6001.18602


-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [20507 octets] - [13/03/2014 01:12:19]
AdwCleaner[R1].txt - [927 octets] - [13/03/2014 01:21:27]
AdwCleaner[R2].txt - [1051 octets] - [17/03/2014 11:53:31]
AdwCleaner[R3].txt - [1172 octets] - [18/03/2014 12:08:32]
AdwCleaner[S0].txt - [20529 octets] - [13/03/2014 01:14:43]
AdwCleaner[S1].txt - [987 octets] - [13/03/2014 01:22:58]
AdwCleaner[S2].txt - [1113 octets] - [17/03/2014 11:56:00]
AdwCleaner[S3].txt - [1094 octets] - [18/03/2014 12:10:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1154 octets] ##########

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Wes on 18.03.2014 at 12:15:05,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Wes\AppData\Roaming\mozilla\firefox\profiles\8lsw7d9v.default\prefs.js

user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.name", "HDvid-Codec V9.0");
Emptied folder: C:\Users\Wes\AppData\Roaming\mozilla\firefox\profiles\8lsw7d9v.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.03.2014 at 12:19:27,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Wes (administrator) on WES-PC on 18-03-2014 12:24:20
Running from C:\Users\Wes\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Emsi Software GmbH) C:\Program Files\a-squared Free\a2service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
() C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [ISW] - [X]
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-01-06] ()
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\Wes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM - MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM - HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll No File
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default
FF DefaultSearchEngine: StartWeb
FF SelectedSearchEngine: StartWeb
FF Homepage: https://www.google.de/
FF NetworkProxy: "ftp", "46.22.173.9"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "46.22.173.9"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "46.22.173.9"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "46.22.173.9"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HDvid-Codec V9.0 - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com [2014-03-08]
FF Extension: DownloadHelper - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-27]
FF Extension: Stealthy - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\stealthyextension@gmail.com.xpi [2011-08-31]
FF Extension: GrabRez - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\{0602868e-3e6e-4d93-81e8-5b2290f620ba}.xpi [2014-03-05]
FF Extension: Adblock Plus - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{1DA0528B-1DD8-4167-BFAF-E0EF94939F93}] - C:\Program Files\Comodo\HopSurfToolbar\hopsurfext_ff3_5
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker

========================== Services (Whitelisted) =================

R2 a2free; C:\Program Files\a-squared Free\a2service.exe [719392 2009-07-13] (Emsi Software GmbH)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-03-17] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] ()
S2 IswSvc; "C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-14] (Avira Operations GmbH & Co. KG)
S3 cpuz129; C:\Program Files\PC Wizard 2008\pcwiz32.sys [9600 2008-01-25] (Windows (R) Codename Longhorn DDK provider)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-09-12] (SAMSUNG ELECTRONICS CO., LTD.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-14] (Avira GmbH)
R1 tStLibG; C:\Windows\System32\drivers\tStLibG.sys [55224 2014-03-02] (StdLib)
R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [242048 2008-06-05] (Vimicro Corporation)
S3 cpuz132; \??\C:\Users\Wes\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S2 ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 vsdatant7; System32\drivers\vsdatant.win7.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-18 12:24 - 2014-03-18 12:24 - 00012822 _____ () C:\Users\Wes\Desktop\FRST.txt
2014-03-18 12:19 - 2014-03-18 12:19 - 00001015 _____ () C:\Users\Wes\Desktop\JRT.txt
2014-03-17 12:44 - 2014-03-17 12:44 - 00138832 _____ () C:\Windows\Minidump\Mini031714-01.dmp
2014-03-17 12:42 - 2014-03-17 12:44 - 223734794 _____ () C:\Windows\MEMORY.DMP
2014-03-17 12:34 - 2014-03-17 12:34 - 00380416 _____ () C:\Users\Wes\Desktop\Gmer-19357.exe
2014-03-17 12:32 - 2014-03-17 12:32 - 01145856 _____ (Farbar) C:\Users\Wes\Desktop\FRST.exe
2014-03-17 12:29 - 2014-03-17 12:29 - 00000000 _____ () C:\Users\Wes\defogger_reenable
2014-03-17 12:28 - 2014-03-17 12:28 - 00050477 _____ () C:\Users\Wes\Desktop\Defogger.exe
2014-03-17 11:43 - 2014-02-13 14:32 - 00000426 _____ () C:\AVScanner.ini
2014-03-17 11:35 - 2014-03-17 11:35 - 01950720 _____ () C:\Users\Wes\Desktop\adwcleaner_3.022.exe
2014-03-17 04:24 - 2014-03-17 04:24 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\arkill.exe
2014-03-17 04:11 - 2014-03-17 11:41 - 00000000 ____D () C:\ProgramData\IObit
2014-03-17 04:11 - 2014-03-17 04:11 - 00001045 _____ () C:\Users\Wes\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-03-17 04:11 - 2014-03-17 04:11 - 00001021 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-03-17 04:11 - 2014-03-17 04:11 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\ProductData
2014-03-17 04:10 - 2014-03-17 04:11 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\IObit
2014-03-17 04:10 - 2014-03-17 04:11 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-17 04:10 - 2014-03-17 04:11 - 00000000 ____D () C:\Program Files\IObit
2014-03-17 04:10 - 2014-03-17 04:10 - 12569408 _____ (IObit) C:\Users\Wes\Desktop\iobituninstaller_3.2.0.128.exe
2014-03-17 04:06 - 2014-03-17 04:06 - 00001802 _____ () C:\sc-cleaner.txt
2014-03-17 04:05 - 2014-03-17 04:05 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\sc-cleaner.exe
2014-03-17 03:50 - 2014-03-17 03:50 - 00000000 ____D () C:\Windows\ERUNT
2014-03-17 03:49 - 2014-03-17 03:49 - 01037734 _____ (Thisisu) C:\Users\Wes\Desktop\JRT.exe
2014-03-17 03:38 - 2014-03-17 03:38 - 00016372 _____ () C:\Users\Wes\Desktop\E4K+_CHd.htm
2014-03-17 03:33 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140317-033333.backup
2014-03-17 03:32 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140317-033248.backup
2014-03-13 01:12 - 2014-03-18 12:10 - 00000000 ____D () C:\AdwCleaner
2014-03-13 00:43 - 2014-03-18 12:24 - 00000000 ____D () C:\FRST
2014-03-12 04:02 - 2014-03-12 04:02 - 25578720 _____ (Microsoft Corporation) C:\Users\Wes\Desktop\Windows-KB890830-V5.10.exe
2014-03-12 03:21 - 2014-03-12 03:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-12 03:18 - 2014-03-12 03:18 - 00274502 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-03-12 03:17 - 2014-03-12 03:17 - 00281462 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-03-12 03:17 - 2014-03-12 03:17 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-03-12 03:14 - 2011-07-06 15:56 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-03-12 03:14 - 2011-06-02 13:59 - 02042368 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 03:14 - 2011-05-02 16:58 - 00738816 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-03-12 03:14 - 2011-04-29 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-03-12 03:14 - 2011-04-29 13:49 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-03-12 03:14 - 2011-04-29 13:49 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-03-12 03:14 - 2011-04-29 13:49 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-03-12 03:14 - 2011-04-21 14:16 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-03-12 03:14 - 2011-04-20 15:47 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-03-12 03:14 - 2011-04-20 15:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-03-12 03:14 - 2011-04-14 15:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-03-12 03:14 - 2010-12-20 16:39 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-03-12 03:13 - 2011-04-29 15:54 - 00276992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-03-06 00:13 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140306-001303.backup
2014-03-05 04:51 - 2014-03-05 04:51 - 00613200 _____ (Chip Digital GmbH) C:\Users\Wes\Desktop\AdwCleaner - CHIP-Downloader.exe
2014-03-05 04:16 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140305-041616.backup
2014-03-02 01:42 - 2014-03-02 01:42 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\tStLibG.sys
2014-02-24 14:21 - 2014-02-24 14:21 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\Avira
2014-02-24 14:15 - 2014-02-24 14:15 - 00001847 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\ProgramData\Avira
2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\Program Files\Avira
2014-02-24 14:15 - 2014-02-14 11:00 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-02-24 14:15 - 2014-02-14 11:00 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-02-24 14:15 - 2014-02-14 11:00 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-02-24 14:15 - 2014-02-14 11:00 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys

==================== One Month Modified Files and Folders =======

2014-03-18 12:24 - 2014-03-18 12:24 - 00012822 _____ () C:\Users\Wes\Desktop\FRST.txt
2014-03-18 12:24 - 2014-03-13 00:43 - 00000000 ____D () C:\FRST
2014-03-18 12:19 - 2014-03-18 12:19 - 00001015 _____ () C:\Users\Wes\Desktop\JRT.txt
2014-03-18 12:15 - 2009-01-17 01:10 - 02027075 _____ () C:\Windows\WindowsUpdate.log
2014-03-18 12:12 - 2009-01-17 00:30 - 00136265 _____ () C:\ProgramData\nvModes.001
2014-03-18 12:11 - 2013-09-19 12:29 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-18 12:11 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-18 12:11 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-18 12:11 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-18 12:10 - 2014-03-13 01:12 - 00000000 ____D () C:\AdwCleaner
2014-03-18 12:10 - 2008-09-12 20:41 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-03-18 12:10 - 2006-11-02 14:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-18 04:56 - 2012-05-03 11:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-18 04:39 - 2013-09-19 12:29 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-17 13:21 - 2010-04-24 01:02 - 00000000 ____D () C:\Program Files\Comodo
2014-03-17 12:44 - 2014-03-17 12:44 - 00138832 _____ () C:\Windows\Minidump\Mini031714-01.dmp
2014-03-17 12:44 - 2014-03-17 12:42 - 223734794 _____ () C:\Windows\MEMORY.DMP
2014-03-17 12:44 - 2009-05-25 09:55 - 00000000 ____D () C:\Windows\Minidump
2014-03-17 12:34 - 2014-03-17 12:34 - 00380416 _____ () C:\Users\Wes\Desktop\Gmer-19357.exe
2014-03-17 12:32 - 2014-03-17 12:32 - 01145856 _____ (Farbar) C:\Users\Wes\Desktop\FRST.exe
2014-03-17 12:29 - 2014-03-17 12:29 - 00000000 _____ () C:\Users\Wes\defogger_reenable
2014-03-17 12:29 - 2009-02-04 12:00 - 00000000 ____D () C:\Users\Wes
2014-03-17 12:28 - 2014-03-17 12:28 - 00050477 _____ () C:\Users\Wes\Desktop\Defogger.exe
2014-03-17 11:57 - 2011-12-31 11:06 - 00668032 _____ () C:\Windows\PFRO.log
2014-03-17 11:46 - 2012-04-09 18:01 - 00000000 ____D () C:\Westwood
2014-03-17 11:41 - 2014-03-17 04:11 - 00000000 ____D () C:\ProgramData\IObit
2014-03-17 11:35 - 2014-03-17 11:35 - 01950720 _____ () C:\Users\Wes\Desktop\adwcleaner_3.022.exe
2014-03-17 04:24 - 2014-03-17 04:24 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\arkill.exe
2014-03-17 04:11 - 2014-03-17 04:11 - 00001045 _____ () C:\Users\Wes\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-03-17 04:11 - 2014-03-17 04:11 - 00001021 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-03-17 04:11 - 2014-03-17 04:11 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\ProductData
2014-03-17 04:11 - 2014-03-17 04:10 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\IObit
2014-03-17 04:11 - 2014-03-17 04:10 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-17 04:11 - 2014-03-17 04:10 - 00000000 ____D () C:\Program Files\IObit
2014-03-17 04:10 - 2014-03-17 04:10 - 12569408 _____ (IObit) C:\Users\Wes\Desktop\iobituninstaller_3.2.0.128.exe
2014-03-17 04:06 - 2014-03-17 04:06 - 00001802 _____ () C:\sc-cleaner.txt
2014-03-17 04:05 - 2014-03-17 04:05 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\sc-cleaner.exe
2014-03-17 03:50 - 2014-03-17 03:50 - 00000000 ____D () C:\Windows\ERUNT
2014-03-17 03:49 - 2014-03-17 03:49 - 01037734 _____ (Thisisu) C:\Users\Wes\Desktop\JRT.exe
2014-03-17 03:44 - 2009-03-09 21:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-17 03:38 - 2014-03-17 03:38 - 00016372 _____ () C:\Users\Wes\Desktop\E4K+_CHd.htm
2014-03-12 04:20 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-12 04:02 - 2014-03-12 04:02 - 25578720 _____ (Microsoft Corporation) C:\Users\Wes\Desktop\Windows-KB890830-V5.10.exe
2014-03-12 03:37 - 2009-01-17 00:29 - 00136265 _____ () C:\ProgramData\nvModes.dat
2014-03-12 03:34 - 2006-11-02 13:47 - 00395824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 03:27 - 2009-02-20 11:40 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-12 03:24 - 2014-03-12 03:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-12 03:18 - 2014-03-12 03:18 - 00274502 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-03-12 03:17 - 2014-03-12 03:17 - 00281462 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-03-12 03:17 - 2014-03-12 03:17 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-03-12 02:56 - 2012-05-03 11:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-12 02:56 - 2011-05-20 11:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-07 01:53 - 2009-12-14 14:37 - 00000000 ____D () C:\Users\Wes\Desktop\Dokumente
2014-03-05 17:10 - 2008-09-11 16:11 - 00000000 ____D () C:\Windows\de-DE
2014-03-05 12:20 - 2012-12-20 14:46 - 00000906 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-05 12:20 - 2011-08-11 00:38 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-05 04:51 - 2014-03-05 04:51 - 00613200 _____ (Chip Digital GmbH) C:\Users\Wes\Desktop\AdwCleaner - CHIP-Downloader.exe
2014-03-04 04:39 - 2012-05-03 14:21 - 00000000 ____D () C:\Program Files\PKR
2014-03-02 14:03 - 2006-11-02 11:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-02 01:42 - 2014-03-02 01:42 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\tStLibG.sys
2014-02-24 14:21 - 2014-02-24 14:21 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\Avira
2014-02-24 14:15 - 2014-02-24 14:15 - 00001847 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\ProgramData\Avira
2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\Program Files\Avira
2014-02-24 13:54 - 2012-12-20 18:05 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-23 20:12 - 2006-11-02 11:23 - 00002577 _____ () C:\Windows\system32\config.nt
2014-02-16 15:08 - 2011-12-02 14:58 - 00000000 ____D () C:\Users\Wes\Documents\MAGIX_MxTray
2014-02-16 15:08 - 2011-12-02 14:49 - 00000000 ____D () C:\ProgramData\MAGIX

Some content of TEMP:
====================
C:\Users\Wes\AppData\Local\Temp\avgnt.exe
C:\Users\Wes\AppData\Local\Temp\promote-upx.exe
C:\Users\Wes\AppData\Local\Temp\Quarantine.exe
C:\Users\Wes\AppData\Local\Temp\Uninst.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-18 12:18

==================== End Of Log ============================
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Wes at 2014-03-18 12:25:08
Running from C:\Users\Wes\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

AAC Decoder (HKLM\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
a-squared Free 4.5 (HKLM\...\a-squared Free_is1) (Version: 4.5 - Emsi Software GmbH)
Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - )
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.13 - Piriform)
Comodo HopSurf (HKLM\...\Comodo HopSurf Toolbar) (Version: 1.0.0.2 - Comodo Security Solutions, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.0.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.0.0 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.0.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.0.0.19 - DivX, Inc.)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.2 - DivX,Inc.)
DSL-Speedtest (HKLM\...\{5C98D841-6392-41F1-A80E-B1A741F32A95}) (Version: 1.00.0000 - COMPUTER BILD)
Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.7 - )
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)
Easy Network Manager 4.0 (HKLM\...\InstallShield_{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}) (Version: 4.0.0.13 - Samsung)
Easy Network Manager 4.0 (Version: 4.0.0.13 - Samsung) Hidden
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.1.0 - )
Gemeinsam genutzte Internet-Komponenten von Westwood (HKLM\...\WOLAPI) (Version:  - )
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
H.264 Decoder (HKLM\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.0.0 - DivX, Inc.)
imagine digital freedom - Samsung (HKLM\...\{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}) (Version: 1.0.2.0 - Samsung Electronics Co., LTD)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}) (Version: 12.00.2000 - Intel(R) Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.2.9.10 - IObit)
Last.fm 1.5.4.24567 (HKLM\...\LastFM_is1) (Version:  - Last.fm)
MAGIX Screenshare (HKLM\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MKV Splitter (HKLM\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.0 - DivX, Inc.)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
MSN Toolbar (HKLM\...\{8FBC9407-713D-4B8A-98D2-57210DA56049}) (Version: 3.0.744.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OnlineFotoservice (HKLM\...\OnlineFotoservice) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PC Wizard 2008.1.871 (HKLM\...\PC Wizard 2008_is1) (Version:  - Laurent KUTIL & Franck DELATTRE)
PKR (HKLM\...\PKR) (Version:  - PKR Ltd)
PlayCamera (HKLM\...\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}) (Version: 1.0.1.7 - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5605 - Realtek Semiconductor Corp.)
Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.00 - Samsung Electronics Co., LTD)
Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.6 - Samsung)
Samsung Update Plus (HKLM\...\InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}) (Version: 1.3.0.11 - Samsung Electronics Co., LTD)
Samsung Update Plus (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Hidden
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 1.0.00.14080 - Sony Corporation)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.0 - Safer Networking Limited)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden
Vimicro UVC Camera (HKLM\...\{71A51B09-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Wartung Samsung ML-1660 Series (HKLM\...\Samsung ML-1660 Series) (Version:  - Samsung Electronics Co., Ltd.)
WIDCOMM Bluetooth Software 6.0.1.6300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6300 - WIDCOMM, Inc.)
Winamp (HKLM\...\Winamp) (Version: 5.601  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winmail Opener 1.4 (HKLM\...\Winmail Opener) (Version: 1.4 - Eolsoft)
ZoneAlarm Toolbar (Version:  - Check Point Software Technologies) Hidden

==================== Restore Points  =========================

05-03-2014 11:52:48 Geplanter Prüfpunkt
06-03-2014 11:37:24 Geplanter Prüfpunkt
10-03-2014 12:46:02 Geplanter Prüfpunkt
11-03-2014 12:07:19 Geplanter Prüfpunkt
12-03-2014 02:16:34 Windows Update
13-03-2014 12:42:57 Geplanter Prüfpunkt
14-03-2014 11:00:26 Windows Update
15-03-2014 14:06:31 Geplanter Prüfpunkt
17-03-2014 03:32:02 Revo Uninstaller's restore point - Comodo HopSurf
17-03-2014 10:44:32 Removed Java 7 Update 25
17-03-2014 12:21:00 Removed COMODO livePCsupport

==================== Hosts content: ==========================

2006-11-02 11:23 - 2014-03-17 03:33 - 00450757 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1001namen.com
127.0.0.1	1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	100sexlinks.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com
127.0.0.1	www.123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {0E935E62-1D7B-4E30-AB0D-2807DA10CB83} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-04] (Samsung Electronics Co., Ltd.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {23778673-6685-49B3-BEBB-4B9FA1BBA642} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-19] (Google Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {4430BC74-0F34-4E50-BC6B-F50861458A9D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {70123431-D3B0-44E9-8554-1A05B93730AD} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2008-05-22] (SAMSUNG Electronics)
Task: {90255043-B028-41AF-B007-6EED10787515} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-04-17] (SAMSUNG Electronics co., LTD.)
Task: {9F6C35C3-D046-4518-8C23-0A3649E798E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-19] (Google Inc.)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {BC918486-39FE-4CFE-BFD2-05C89247C781} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-03-17] (IObit)
Task: {C6D1C84C-0891-4E7E-B2D4-8B200E31F411} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2008-04-25] (Samsung Electronics Co., Ltd.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-06-22 05:47 - 2009-08-10 08:07 - 00026624 _____ () C:\Windows\System32\ssp7ml3.dll
2014-02-24 14:15 - 2014-02-14 11:00 - 00394808 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2008-09-12 05:03 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2008-09-12 05:03 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll
2013-08-27 12:44 - 2010-01-06 08:03 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2008-05-13 01:13 - 2008-05-13 01:13 - 00085672 _____ () C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
2014-02-15 00:39 - 2014-02-15 00:39 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Wes\Desktop\prim.mpg:TOC.WMV

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-03-18 12:24:51.988
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-18 12:24:51.832
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-18 12:24:51.692
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-18 12:24:51.536
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-18 12:24:51.364
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-18 12:24:51.224
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-18 12:24:51.052
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-18 12:24:50.865
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-18 01:42:45.051
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-18 01:42:44.895
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 42%
Total physical RAM: 3065.87 MB
Available physical RAM: 1761.79 MB
Total Pagefile: 6352.15 MB
Available Pagefile: 4976.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:144.09 GB) (Free:51.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:144 GB) (Free:137.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 0201FF32)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Themen zu Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind
adobe, antivir, avast, avira, defender, explorer, firefox, flash player, ftp, helper, home, homepage, mozilla, registry, rundll, safer networking, security, server, services.exe, software, svchost.exe, system, temp, vista, windows, winlogon.exe


« Nach VLC-Player Installation habe ich SM.de als Suchmaschine | Verdacht eine verseuchte E-Mail geöffnet zu haben. »


Ähnliche Themen: Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind


  1. Wie von Mac rvzr-a.akamaihd Virus entfernen?
    Plagegeister aller Art und deren Bekämpfung - 08.04.2014 (1)
  2. Windows 7: rzvr.akamaihd.net und fastdailyfind.com, PC langsam
    Plagegeister aller Art und deren Bekämpfung - 31.03.2014 (20)
  3. Tab mit "http://rvzr-a.akamaihd.net" öffnen sich im Browser
    Plagegeister aller Art und deren Bekämpfung - 15.02.2014 (49)
  4. Vista, ständige Werbe-Popups, rvzr-akamaihd
    Log-Analyse und Auswertung - 19.01.2014 (13)
  5. rvzr-a.akamaihd.net
    Plagegeister aller Art und deren Bekämpfung - 12.01.2014 (19)
  6. Rvzr-a.akamaihd.net Infektion
    Log-Analyse und Auswertung - 03.12.2013 (11)
  7. rvzr-a.akamaihd.net entfernen
    Plagegeister aller Art und deren Bekämpfung - 03.12.2013 (5)
  8. neue Seiten mit rvzr-a.akamaihd.net öffnen sich ständig
    Log-Analyse und Auswertung - 01.12.2013 (18)
  9. Windows7: rvzr-a.akamaihd.net im Firefox
    Plagegeister aller Art und deren Bekämpfung - 30.11.2013 (9)
  10. rvzr-a.akamaihd.net entfernen
    Plagegeister aller Art und deren Bekämpfung - 23.11.2013 (7)
  11. rvzr-a.akamaihd.net/
    Plagegeister aller Art und deren Bekämpfung - 22.11.2013 (3)
  12. rvzr-a.akamaihd auf Windows 7 64-bit
    Log-Analyse und Auswertung - 20.11.2013 (1)
  13. rvzr-a.akamaihd.net snapdo.com
    Plagegeister aller Art und deren Bekämpfung - 18.11.2013 (3)
  14. http://rvzr-a.akamaihd.net/
    Plagegeister aller Art und deren Bekämpfung - 15.11.2013 (10)
  15. Win7: rvzr-a.akamaihd.net
    Log-Analyse und Auswertung - 15.11.2013 (9)
  16. rvzr-a.akamaihd
    Log-Analyse und Auswertung - 11.11.2013 (7)
  17. rvzr-a.akamaihd.net
    Plagegeister aller Art und deren Bekämpfung - 10.11.2013 (24)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind - Code: Alles auswählen Aufklappen ATTFilter # AdwCleaner v3.022 - Bericht erstellt am 18/03/2014 um 12:10:20 # Aktualisiert 13/03/2014 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack - Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind...
Archiv
Du betrachtest: Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27