Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Alt 17.03.2014, 12:55   #1
JamesT
 
Vista: Webseiten öffnen automatsich:  rvzr-a.akamaihd, onlinewebfind oder fastdailyfind - Standard

Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind



Guten Tag, ich benötige Profihilfe, habe bereits alles versucht.

Hier meine logfiles:

defogger:
Log created at 12:29 on 17/03/2014 (Wes)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


frst:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Wes (administrator) on WES-PC on 17-03-2014 12:32:48
Running from C:\Users\Wes\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(COMODO) C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Emsi Software GmbH) C:\Program Files\a-squared Free\a2service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [ISW] - [X]
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-01-06] ()
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\Wes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM - MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM - HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll No File
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default
FF DefaultSearchEngine: StartWeb
FF SelectedSearchEngine: StartWeb
FF Homepage: https://www.google.de/
FF NetworkProxy: "ftp", "46.22.173.9"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "46.22.173.9"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "46.22.173.9"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "46.22.173.9"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HDvid-Codec V9.0 - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com [2014-03-08]
FF Extension: DownloadHelper - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-27]
FF Extension: Stealthy - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\stealthyextension@gmail.com.xpi [2011-08-31]
FF Extension: GrabRez - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\{0602868e-3e6e-4d93-81e8-5b2290f620ba}.xpi [2014-03-05]
FF Extension: Adblock Plus - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{1DA0528B-1DD8-4167-BFAF-E0EF94939F93}] - C:\Program Files\Comodo\HopSurfToolbar\hopsurfext_ff3_5
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker

========================== Services (Whitelisted) =================

R2 a2free; C:\Program Files\a-squared Free\a2service.exe [719392 2009-07-13] (Emsi Software GmbH)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 CLPSLS; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe [148744 2010-02-19] (COMODO)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-03-17] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] ()
S2 IswSvc; "C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-14] (Avira Operations GmbH & Co. KG)
S3 cpuz129; C:\Program Files\PC Wizard 2008\pcwiz32.sys [9600 2008-01-25] (Windows (R) Codename Longhorn DDK provider)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-09-12] (SAMSUNG ELECTRONICS CO., LTD.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-14] (Avira GmbH)
R1 tStLibG; C:\Windows\System32\drivers\tStLibG.sys [55224 2014-03-02] (StdLib)
R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [242048 2008-06-05] (Vimicro Corporation)
S3 cpuz132; \??\C:\Users\Wes\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S2 ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 vsdatant7; System32\drivers\vsdatant.win7.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-17 12:32 - 2014-03-17 12:32 - 01145856 _____ (Farbar) C:\Users\Wes\Desktop\FRST.exe
2014-03-17 12:32 - 2014-03-17 12:32 - 00013085 _____ () C:\Users\Wes\Desktop\FRST.txt
2014-03-17 12:29 - 2014-03-17 12:30 - 00000468 _____ () C:\Users\Wes\Desktop\defogger_disable.log
2014-03-17 12:29 - 2014-03-17 12:29 - 00000000 _____ () C:\Users\Wes\defogger_reenable
2014-03-17 12:28 - 2014-03-17 12:28 - 00050477 _____ () C:\Users\Wes\Desktop\Defogger.exe
2014-03-17 11:43 - 2014-02-13 14:32 - 00000426 _____ () C:\AVScanner.ini
2014-03-17 11:35 - 2014-03-17 11:35 - 01950720 _____ () C:\Users\Wes\Desktop\adwcleaner_3.022.exe
2014-03-17 04:24 - 2014-03-17 04:24 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\arkill.exe
2014-03-17 04:11 - 2014-03-17 11:41 - 00000000 ____D () C:\ProgramData\IObit
2014-03-17 04:11 - 2014-03-17 04:11 - 00001045 _____ () C:\Users\Wes\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-03-17 04:11 - 2014-03-17 04:11 - 00001021 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-03-17 04:11 - 2014-03-17 04:11 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\ProductData
2014-03-17 04:10 - 2014-03-17 04:11 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\IObit
2014-03-17 04:10 - 2014-03-17 04:11 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-17 04:10 - 2014-03-17 04:11 - 00000000 ____D () C:\Program Files\IObit
2014-03-17 04:10 - 2014-03-17 04:10 - 12569408 _____ (IObit) C:\Users\Wes\Desktop\iobituninstaller_3.2.0.128.exe
2014-03-17 04:06 - 2014-03-17 04:06 - 00001802 _____ () C:\sc-cleaner.txt
2014-03-17 04:05 - 2014-03-17 04:05 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\sc-cleaner.exe
2014-03-17 03:50 - 2014-03-17 03:50 - 00000000 ____D () C:\Windows\ERUNT
2014-03-17 03:49 - 2014-03-17 03:49 - 01037734 _____ (Thisisu) C:\Users\Wes\Desktop\JRT.exe
2014-03-17 03:38 - 2014-03-17 03:38 - 00016372 _____ () C:\Users\Wes\Desktop\E4K+_CHd.htm
2014-03-17 03:33 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140317-033333.backup
2014-03-17 03:32 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140317-033248.backup
2014-03-13 01:12 - 2014-03-17 11:56 - 00000000 ____D () C:\AdwCleaner
2014-03-13 00:43 - 2014-03-17 12:32 - 00000000 ____D () C:\FRST
2014-03-12 04:02 - 2014-03-12 04:02 - 25578720 _____ (Microsoft Corporation) C:\Users\Wes\Desktop\Windows-KB890830-V5.10.exe
2014-03-12 03:21 - 2014-03-12 03:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-12 03:18 - 2014-03-12 03:18 - 00274502 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-03-12 03:17 - 2014-03-12 03:17 - 00281462 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-03-12 03:17 - 2014-03-12 03:17 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-03-12 03:14 - 2011-07-06 15:56 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-03-12 03:14 - 2011-06-02 13:59 - 02042368 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 03:14 - 2011-05-02 16:58 - 00738816 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-03-12 03:14 - 2011-04-29 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-03-12 03:14 - 2011-04-29 13:49 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-03-12 03:14 - 2011-04-29 13:49 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-03-12 03:14 - 2011-04-29 13:49 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-03-12 03:14 - 2011-04-21 14:16 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-03-12 03:14 - 2011-04-20 15:47 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-03-12 03:14 - 2011-04-20 15:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-03-12 03:14 - 2011-04-14 15:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-03-12 03:14 - 2010-12-20 16:39 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-03-12 03:13 - 2011-04-29 15:54 - 00276992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-03-06 00:13 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140306-001303.backup
2014-03-05 04:51 - 2014-03-05 04:51 - 00613200 _____ (Chip Digital GmbH) C:\Users\Wes\Desktop\AdwCleaner - CHIP-Downloader.exe
2014-03-05 04:16 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140305-041616.backup
2014-03-02 01:42 - 2014-03-02 01:42 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\tStLibG.sys
2014-02-24 14:21 - 2014-02-24 14:21 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\Avira
2014-02-24 14:15 - 2014-02-24 14:15 - 00001847 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\ProgramData\Avira
2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\Program Files\Avira
2014-02-24 14:15 - 2014-02-14 11:00 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-02-24 14:15 - 2014-02-14 11:00 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-02-24 14:15 - 2014-02-14 11:00 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-02-24 14:15 - 2014-02-14 11:00 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-02-15 00:39 - 2014-02-15 00:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-17 12:33 - 2014-03-17 12:32 - 00013085 _____ () C:\Users\Wes\Desktop\FRST.txt
2014-03-17 12:32 - 2014-03-17 12:32 - 01145856 _____ (Farbar) C:\Users\Wes\Desktop\FRST.exe
2014-03-17 12:32 - 2014-03-13 00:43 - 00000000 ____D () C:\FRST
2014-03-17 12:30 - 2014-03-17 12:29 - 00000468 _____ () C:\Users\Wes\Desktop\defogger_disable.log
2014-03-17 12:29 - 2014-03-17 12:29 - 00000000 _____ () C:\Users\Wes\defogger_reenable
2014-03-17 12:29 - 2009-02-04 12:00 - 00000000 ____D () C:\Users\Wes
2014-03-17 12:28 - 2014-03-17 12:28 - 00050477 _____ () C:\Users\Wes\Desktop\Defogger.exe
2014-03-17 11:58 - 2009-01-17 00:30 - 00136265 _____ () C:\ProgramData\nvModes.001
2014-03-17 11:57 - 2013-09-19 12:29 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-17 11:57 - 2011-12-31 11:06 - 00668032 _____ () C:\Windows\PFRO.log
2014-03-17 11:57 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-17 11:57 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-17 11:57 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-17 11:56 - 2014-03-13 01:12 - 00000000 ____D () C:\AdwCleaner
2014-03-17 11:56 - 2012-05-03 11:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-17 11:56 - 2009-01-17 01:10 - 01978450 _____ () C:\Windows\WindowsUpdate.log
2014-03-17 11:56 - 2008-09-12 20:41 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-03-17 11:56 - 2006-11-02 14:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-17 11:46 - 2012-04-09 18:01 - 00000000 ____D () C:\Westwood
2014-03-17 11:41 - 2014-03-17 04:11 - 00000000 ____D () C:\ProgramData\IObit
2014-03-17 11:39 - 2013-09-19 12:29 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-17 11:35 - 2014-03-17 11:35 - 01950720 _____ () C:\Users\Wes\Desktop\adwcleaner_3.022.exe
2014-03-17 04:34 - 2010-04-24 01:02 - 00000000 ____D () C:\Program Files\Comodo
2014-03-17 04:24 - 2014-03-17 04:24 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\arkill.exe
2014-03-17 04:11 - 2014-03-17 04:11 - 00001045 _____ () C:\Users\Wes\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-03-17 04:11 - 2014-03-17 04:11 - 00001021 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-03-17 04:11 - 2014-03-17 04:11 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\ProductData
2014-03-17 04:11 - 2014-03-17 04:10 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\IObit
2014-03-17 04:11 - 2014-03-17 04:10 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-17 04:11 - 2014-03-17 04:10 - 00000000 ____D () C:\Program Files\IObit
2014-03-17 04:10 - 2014-03-17 04:10 - 12569408 _____ (IObit) C:\Users\Wes\Desktop\iobituninstaller_3.2.0.128.exe
2014-03-17 04:06 - 2014-03-17 04:06 - 00001802 _____ () C:\sc-cleaner.txt
2014-03-17 04:05 - 2014-03-17 04:05 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\sc-cleaner.exe
2014-03-17 03:50 - 2014-03-17 03:50 - 00000000 ____D () C:\Windows\ERUNT
2014-03-17 03:49 - 2014-03-17 03:49 - 01037734 _____ (Thisisu) C:\Users\Wes\Desktop\JRT.exe
2014-03-17 03:44 - 2009-03-09 21:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-17 03:38 - 2014-03-17 03:38 - 00016372 _____ () C:\Users\Wes\Desktop\E4K+_CHd.htm
2014-03-12 04:20 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-12 04:02 - 2014-03-12 04:02 - 25578720 _____ (Microsoft Corporation) C:\Users\Wes\Desktop\Windows-KB890830-V5.10.exe
2014-03-12 03:37 - 2009-01-17 00:29 - 00136265 _____ () C:\ProgramData\nvModes.dat
2014-03-12 03:34 - 2006-11-02 13:47 - 00395824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 03:27 - 2009-02-20 11:40 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-12 03:24 - 2014-03-12 03:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-12 03:18 - 2014-03-12 03:18 - 00274502 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-03-12 03:17 - 2014-03-12 03:17 - 00281462 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-03-12 03:17 - 2014-03-12 03:17 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-03-12 02:56 - 2012-05-03 11:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-12 02:56 - 2011-05-20 11:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-07 01:53 - 2009-12-14 14:37 - 00000000 ____D () C:\Users\Wes\Desktop\Dokumente
2014-03-05 17:10 - 2008-09-11 16:11 - 00000000 ____D () C:\Windows\de-DE
2014-03-05 12:20 - 2012-12-20 14:46 - 00000906 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-05 12:20 - 2011-08-11 00:38 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-05 04:51 - 2014-03-05 04:51 - 00613200 _____ (Chip Digital GmbH) C:\Users\Wes\Desktop\AdwCleaner - CHIP-Downloader.exe
2014-03-04 04:39 - 2012-05-03 14:21 - 00000000 ____D () C:\Program Files\PKR
2014-03-02 14:03 - 2006-11-02 11:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-02 01:42 - 2014-03-02 01:42 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\tStLibG.sys
2014-02-24 14:21 - 2014-02-24 14:21 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\Avira
2014-02-24 14:15 - 2014-02-24 14:15 - 00001847 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\ProgramData\Avira
2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\Program Files\Avira
2014-02-24 13:54 - 2012-12-20 18:05 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-23 20:12 - 2006-11-02 11:23 - 00002577 _____ () C:\Windows\system32\config.nt
2014-02-16 15:08 - 2011-12-02 14:58 - 00000000 ____D () C:\Users\Wes\Documents\MAGIX_MxTray
2014-02-16 15:08 - 2011-12-02 14:49 - 00000000 ____D () C:\ProgramData\MAGIX
2014-02-15 00:39 - 2014-02-15 00:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Wes\AppData\Local\Temp\avgnt.exe
C:\Users\Wes\AppData\Local\Temp\promote-upx.exe
C:\Users\Wes\AppData\Local\Temp\Quarantine.exe
C:\Users\Wes\AppData\Local\Temp\Uninst.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-17 12:05

==================== End Of Log ============================
frst:

 

Themen zu Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind
adobe, antivir, avast, avira, defender, explorer, firefox, flash player, ftp, helper, home, homepage, mozilla, registry, rundll, safer networking, security, server, services.exe, software, svchost.exe, system, temp, vista, windows, winlogon.exe




Ähnliche Themen: Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind


  1. Wie von Mac rvzr-a.akamaihd Virus entfernen?
    Plagegeister aller Art und deren Bekämpfung - 08.04.2014 (1)
  2. Windows 7: rzvr.akamaihd.net und fastdailyfind.com, PC langsam
    Plagegeister aller Art und deren Bekämpfung - 31.03.2014 (20)
  3. Tab mit "http://rvzr-a.akamaihd.net" öffnen sich im Browser
    Plagegeister aller Art und deren Bekämpfung - 15.02.2014 (49)
  4. Vista, ständige Werbe-Popups, rvzr-akamaihd
    Log-Analyse und Auswertung - 19.01.2014 (13)
  5. rvzr-a.akamaihd.net
    Plagegeister aller Art und deren Bekämpfung - 12.01.2014 (19)
  6. Rvzr-a.akamaihd.net Infektion
    Log-Analyse und Auswertung - 03.12.2013 (11)
  7. rvzr-a.akamaihd.net entfernen
    Plagegeister aller Art und deren Bekämpfung - 03.12.2013 (5)
  8. neue Seiten mit rvzr-a.akamaihd.net öffnen sich ständig
    Log-Analyse und Auswertung - 01.12.2013 (18)
  9. Windows7: rvzr-a.akamaihd.net im Firefox
    Plagegeister aller Art und deren Bekämpfung - 30.11.2013 (9)
  10. rvzr-a.akamaihd.net entfernen
    Plagegeister aller Art und deren Bekämpfung - 23.11.2013 (7)
  11. rvzr-a.akamaihd.net/
    Plagegeister aller Art und deren Bekämpfung - 22.11.2013 (3)
  12. rvzr-a.akamaihd auf Windows 7 64-bit
    Log-Analyse und Auswertung - 20.11.2013 (1)
  13. rvzr-a.akamaihd.net snapdo.com
    Plagegeister aller Art und deren Bekämpfung - 18.11.2013 (3)
  14. http://rvzr-a.akamaihd.net/
    Plagegeister aller Art und deren Bekämpfung - 15.11.2013 (10)
  15. Win7: rvzr-a.akamaihd.net
    Log-Analyse und Auswertung - 15.11.2013 (9)
  16. rvzr-a.akamaihd
    Log-Analyse und Auswertung - 11.11.2013 (7)
  17. rvzr-a.akamaihd.net
    Plagegeister aller Art und deren Bekämpfung - 10.11.2013 (24)

Zum Thema Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind - Guten Tag, ich benötige Profihilfe, habe bereits alles versucht. Hier meine logfiles: defogger: Log created at 12:29 on 17/03/2014 (Wes) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. - Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind...
Archiv
Du betrachtest: Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.