![]() |
|
Log-Analyse und Auswertung: Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfindWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
| ![]() Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind Guten Tag, ich benötige Profihilfe, habe bereits alles versucht. Hier meine logfiles: defogger: Log created at 12:29 on 17/03/2014 (Wes) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- frst: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Wes (administrator) on WES-PC on 17-03-2014 12:32:48 Running from C:\Users\Wes\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 7 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (COMODO) C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Emsi Software GmbH) C:\Program Files\a-squared Free\a2service.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe () C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\system32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [ISW] - [X] HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-01-06] () HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter Startup: C:\Users\Wes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bing.com HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit) BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.) Toolbar: HKLM - MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.) Toolbar: HKLM - HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll No File Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default FF DefaultSearchEngine: StartWeb FF SelectedSearchEngine: StartWeb FF Homepage: https://www.google.de/ FF NetworkProxy: "ftp", "46.22.173.9" FF NetworkProxy: "ftp_port", 3128 FF NetworkProxy: "http", "46.22.173.9" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "46.22.173.9" FF NetworkProxy: "socks_port", 3128 FF NetworkProxy: "ssl", "46.22.173.9" FF NetworkProxy: "ssl_port", 3128 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: HDvid-Codec V9.0 - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com [2014-03-08] FF Extension: DownloadHelper - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-27] FF Extension: Stealthy - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\stealthyextension@gmail.com.xpi [2011-08-31] FF Extension: GrabRez - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\{0602868e-3e6e-4d93-81e8-5b2290f620ba}.xpi [2014-03-05] FF Extension: Adblock Plus - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\8lsw7d9v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-28] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{1DA0528B-1DD8-4167-BFAF-E0EF94939F93}] - C:\Program Files\Comodo\HopSurfToolbar\hopsurfext_ff3_5 FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker ========================== Services (Whitelisted) ================= R2 a2free; C:\Program Files\a-squared Free\a2service.exe [719392 2009-07-13] (Emsi Software GmbH) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG) R2 CLPSLS; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe [148744 2010-02-19] (COMODO) S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-03-17] (IObit) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] () S2 IswSvc; "C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe" [X] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-02-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-14] (Avira Operations GmbH & Co. KG) S3 cpuz129; C:\Program Files\PC Wizard 2008\pcwiz32.sys [9600 2008-01-25] (Windows (R) Codename Longhorn DDK provider) R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-09-12] (SAMSUNG ELECTRONICS CO., LTD.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-14] (Avira GmbH) R1 tStLibG; C:\Windows\System32\drivers\tStLibG.sys [55224 2014-03-02] (StdLib) R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [242048 2008-06-05] (Vimicro Corporation) S3 cpuz132; \??\C:\Users\Wes\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X] S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S2 ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 vsdatant7; System32\drivers\vsdatant.win7.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-17 12:32 - 2014-03-17 12:32 - 01145856 _____ (Farbar) C:\Users\Wes\Desktop\FRST.exe 2014-03-17 12:32 - 2014-03-17 12:32 - 00013085 _____ () C:\Users\Wes\Desktop\FRST.txt 2014-03-17 12:29 - 2014-03-17 12:30 - 00000468 _____ () C:\Users\Wes\Desktop\defogger_disable.log 2014-03-17 12:29 - 2014-03-17 12:29 - 00000000 _____ () C:\Users\Wes\defogger_reenable 2014-03-17 12:28 - 2014-03-17 12:28 - 00050477 _____ () C:\Users\Wes\Desktop\Defogger.exe 2014-03-17 11:43 - 2014-02-13 14:32 - 00000426 _____ () C:\AVScanner.ini 2014-03-17 11:35 - 2014-03-17 11:35 - 01950720 _____ () C:\Users\Wes\Desktop\adwcleaner_3.022.exe 2014-03-17 04:24 - 2014-03-17 04:24 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\arkill.exe 2014-03-17 04:11 - 2014-03-17 11:41 - 00000000 ____D () C:\ProgramData\IObit 2014-03-17 04:11 - 2014-03-17 04:11 - 00001045 _____ () C:\Users\Wes\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2014-03-17 04:11 - 2014-03-17 04:11 - 00001021 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk 2014-03-17 04:11 - 2014-03-17 04:11 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\ProductData 2014-03-17 04:10 - 2014-03-17 04:11 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\IObit 2014-03-17 04:10 - 2014-03-17 04:11 - 00000000 ____D () C:\ProgramData\ProductData 2014-03-17 04:10 - 2014-03-17 04:11 - 00000000 ____D () C:\Program Files\IObit 2014-03-17 04:10 - 2014-03-17 04:10 - 12569408 _____ (IObit) C:\Users\Wes\Desktop\iobituninstaller_3.2.0.128.exe 2014-03-17 04:06 - 2014-03-17 04:06 - 00001802 _____ () C:\sc-cleaner.txt 2014-03-17 04:05 - 2014-03-17 04:05 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\sc-cleaner.exe 2014-03-17 03:50 - 2014-03-17 03:50 - 00000000 ____D () C:\Windows\ERUNT 2014-03-17 03:49 - 2014-03-17 03:49 - 01037734 _____ (Thisisu) C:\Users\Wes\Desktop\JRT.exe 2014-03-17 03:38 - 2014-03-17 03:38 - 00016372 _____ () C:\Users\Wes\Desktop\E4K+_CHd.htm 2014-03-17 03:33 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140317-033333.backup 2014-03-17 03:32 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140317-033248.backup 2014-03-13 01:12 - 2014-03-17 11:56 - 00000000 ____D () C:\AdwCleaner 2014-03-13 00:43 - 2014-03-17 12:32 - 00000000 ____D () C:\FRST 2014-03-12 04:02 - 2014-03-12 04:02 - 25578720 _____ (Microsoft Corporation) C:\Users\Wes\Desktop\Windows-KB890830-V5.10.exe 2014-03-12 03:21 - 2014-03-12 03:24 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-12 03:18 - 2014-03-12 03:18 - 00274502 _____ () C:\Windows\msxml4-KB954430-enu.LOG 2014-03-12 03:17 - 2014-03-12 03:17 - 00281462 _____ () C:\Windows\msxml4-KB973688-enu.LOG 2014-03-12 03:17 - 2014-03-12 03:17 - 00000000 ____D () C:\Program Files\MSXML 4.0 2014-03-12 03:14 - 2011-07-06 15:56 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2014-03-12 03:14 - 2011-06-02 13:59 - 02042368 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-12 03:14 - 2011-05-02 16:58 - 00738816 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-03-12 03:14 - 2011-04-29 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2014-03-12 03:14 - 2011-04-29 13:49 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2014-03-12 03:14 - 2011-04-29 13:49 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2014-03-12 03:14 - 2011-04-29 13:49 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2014-03-12 03:14 - 2011-04-21 14:16 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-03-12 03:14 - 2011-04-20 15:47 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2014-03-12 03:14 - 2011-04-20 15:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2014-03-12 03:14 - 2011-04-14 15:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys 2014-03-12 03:14 - 2010-12-20 16:39 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-03-12 03:13 - 2011-04-29 15:54 - 00276992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-03-06 00:13 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140306-001303.backup 2014-03-05 04:51 - 2014-03-05 04:51 - 00613200 _____ (Chip Digital GmbH) C:\Users\Wes\Desktop\AdwCleaner - CHIP-Downloader.exe 2014-03-05 04:16 - 2013-12-09 16:48 - 00450705 _____ () C:\Windows\system32\Drivers\etc\hosts.20140305-041616.backup 2014-03-02 01:42 - 2014-03-02 01:42 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\tStLibG.sys 2014-02-24 14:21 - 2014-02-24 14:21 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\Avira 2014-02-24 14:15 - 2014-02-24 14:15 - 00001847 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\ProgramData\Avira 2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\Program Files\Avira 2014-02-24 14:15 - 2014-02-14 11:00 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-02-24 14:15 - 2014-02-14 11:00 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-02-24 14:15 - 2014-02-14 11:00 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-02-24 14:15 - 2014-02-14 11:00 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2014-02-15 00:39 - 2014-02-15 00:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-03-17 12:33 - 2014-03-17 12:32 - 00013085 _____ () C:\Users\Wes\Desktop\FRST.txt 2014-03-17 12:32 - 2014-03-17 12:32 - 01145856 _____ (Farbar) C:\Users\Wes\Desktop\FRST.exe 2014-03-17 12:32 - 2014-03-13 00:43 - 00000000 ____D () C:\FRST 2014-03-17 12:30 - 2014-03-17 12:29 - 00000468 _____ () C:\Users\Wes\Desktop\defogger_disable.log 2014-03-17 12:29 - 2014-03-17 12:29 - 00000000 _____ () C:\Users\Wes\defogger_reenable 2014-03-17 12:29 - 2009-02-04 12:00 - 00000000 ____D () C:\Users\Wes 2014-03-17 12:28 - 2014-03-17 12:28 - 00050477 _____ () C:\Users\Wes\Desktop\Defogger.exe 2014-03-17 11:58 - 2009-01-17 00:30 - 00136265 _____ () C:\ProgramData\nvModes.001 2014-03-17 11:57 - 2013-09-19 12:29 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-17 11:57 - 2011-12-31 11:06 - 00668032 _____ () C:\Windows\PFRO.log 2014-03-17 11:57 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-17 11:57 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-17 11:57 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-17 11:56 - 2014-03-13 01:12 - 00000000 ____D () C:\AdwCleaner 2014-03-17 11:56 - 2012-05-03 11:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-17 11:56 - 2009-01-17 01:10 - 01978450 _____ () C:\Windows\WindowsUpdate.log 2014-03-17 11:56 - 2008-09-12 20:41 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-03-17 11:56 - 2006-11-02 14:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-17 11:46 - 2012-04-09 18:01 - 00000000 ____D () C:\Westwood 2014-03-17 11:41 - 2014-03-17 04:11 - 00000000 ____D () C:\ProgramData\IObit 2014-03-17 11:39 - 2013-09-19 12:29 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-17 11:35 - 2014-03-17 11:35 - 01950720 _____ () C:\Users\Wes\Desktop\adwcleaner_3.022.exe 2014-03-17 04:34 - 2010-04-24 01:02 - 00000000 ____D () C:\Program Files\Comodo 2014-03-17 04:24 - 2014-03-17 04:24 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\arkill.exe 2014-03-17 04:11 - 2014-03-17 04:11 - 00001045 _____ () C:\Users\Wes\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2014-03-17 04:11 - 2014-03-17 04:11 - 00001021 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk 2014-03-17 04:11 - 2014-03-17 04:11 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\ProductData 2014-03-17 04:11 - 2014-03-17 04:10 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\IObit 2014-03-17 04:11 - 2014-03-17 04:10 - 00000000 ____D () C:\ProgramData\ProductData 2014-03-17 04:11 - 2014-03-17 04:10 - 00000000 ____D () C:\Program Files\IObit 2014-03-17 04:10 - 2014-03-17 04:10 - 12569408 _____ (IObit) C:\Users\Wes\Desktop\iobituninstaller_3.2.0.128.exe 2014-03-17 04:06 - 2014-03-17 04:06 - 00001802 _____ () C:\sc-cleaner.txt 2014-03-17 04:05 - 2014-03-17 04:05 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Wes\Desktop\sc-cleaner.exe 2014-03-17 03:50 - 2014-03-17 03:50 - 00000000 ____D () C:\Windows\ERUNT 2014-03-17 03:49 - 2014-03-17 03:49 - 01037734 _____ (Thisisu) C:\Users\Wes\Desktop\JRT.exe 2014-03-17 03:44 - 2009-03-09 21:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-17 03:38 - 2014-03-17 03:38 - 00016372 _____ () C:\Users\Wes\Desktop\E4K+_CHd.htm 2014-03-12 04:20 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-03-12 04:02 - 2014-03-12 04:02 - 25578720 _____ (Microsoft Corporation) C:\Users\Wes\Desktop\Windows-KB890830-V5.10.exe 2014-03-12 03:37 - 2009-01-17 00:29 - 00136265 _____ () C:\ProgramData\nvModes.dat 2014-03-12 03:34 - 2006-11-02 13:47 - 00395824 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-12 03:27 - 2009-02-20 11:40 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-03-12 03:24 - 2014-03-12 03:21 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-12 03:18 - 2014-03-12 03:18 - 00274502 _____ () C:\Windows\msxml4-KB954430-enu.LOG 2014-03-12 03:17 - 2014-03-12 03:17 - 00281462 _____ () C:\Windows\msxml4-KB973688-enu.LOG 2014-03-12 03:17 - 2014-03-12 03:17 - 00000000 ____D () C:\Program Files\MSXML 4.0 2014-03-12 02:56 - 2012-05-03 11:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-03-12 02:56 - 2011-05-20 11:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-03-07 01:53 - 2009-12-14 14:37 - 00000000 ____D () C:\Users\Wes\Desktop\Dokumente 2014-03-05 17:10 - 2008-09-11 16:11 - 00000000 ____D () C:\Windows\de-DE 2014-03-05 12:20 - 2012-12-20 14:46 - 00000906 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-05 12:20 - 2011-08-11 00:38 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-05 04:51 - 2014-03-05 04:51 - 00613200 _____ (Chip Digital GmbH) C:\Users\Wes\Desktop\AdwCleaner - CHIP-Downloader.exe 2014-03-04 04:39 - 2012-05-03 14:21 - 00000000 ____D () C:\Program Files\PKR 2014-03-02 14:03 - 2006-11-02 11:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-03-02 01:42 - 2014-03-02 01:42 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\tStLibG.sys 2014-02-24 14:21 - 2014-02-24 14:21 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\Avira 2014-02-24 14:15 - 2014-02-24 14:15 - 00001847 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\ProgramData\Avira 2014-02-24 14:15 - 2014-02-24 14:15 - 00000000 ____D () C:\Program Files\Avira 2014-02-24 13:54 - 2012-12-20 18:05 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-02-23 20:12 - 2006-11-02 11:23 - 00002577 _____ () C:\Windows\system32\config.nt 2014-02-16 15:08 - 2011-12-02 14:58 - 00000000 ____D () C:\Users\Wes\Documents\MAGIX_MxTray 2014-02-16 15:08 - 2011-12-02 14:49 - 00000000 ____D () C:\ProgramData\MAGIX 2014-02-15 00:39 - 2014-02-15 00:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox Some content of TEMP: ==================== C:\Users\Wes\AppData\Local\Temp\avgnt.exe C:\Users\Wes\AppData\Local\Temp\promote-upx.exe C:\Users\Wes\AppData\Local\Temp\Quarantine.exe C:\Users\Wes\AppData\Local\Temp\Uninst.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-17 12:05 ==================== End Of Log ============================ frst: |
Themen zu Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind |
adobe, antivir, avast, avira, defender, explorer, firefox, flash player, ftp, helper, home, homepage, mozilla, registry, rundll, safer networking, security, server, services.exe, software, svchost.exe, system, temp, vista, windows, winlogon.exe |