Pests of all kinds and how to fight them: Malware in Firefox (Windows 7)
04.02.2014, 01:50 | #1
Malware in Firefox

Hello forum,

I have the following problem: A few days ago the trouble started when I wanted to watch a video and a window popped up saying that my "player" was no longer up to date and that I should update it. Unfortunately I did that, and now I'm in a mess. ^^ Now windows with all kinds of advertising etc. keep opening every now and then. I also already tried uninstalling and reinstalling, but unfortunately that didn't help. I have pasted the log files from Emsisoft Anti-Malware and from FRST here. I hope that's okay like this. Thanks in advance.

Regards, lui

Code:
Emsisoft Anti-Malware - Version 8.1
Letztes Update: 04.02.2014 00:00:48
Benutzerkonto: lui-PC\lui

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, F:\, K:\

PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 04.02.2014 00:03:59

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} gefunden: Trace.Registry.Application.Win32.WebApp (A)
Key: HKEY_USERS\S-1-5-21-2028207060-3415787862-1104950757-1000\SOFTWARE\SMARTBAR gefunden: Trace.Registry.Application.Win32.WTool (A)
C:\Users\lui\AppData\Local\Temp\26b0e51f-fe76-4cf8-8e92-b4c573f8b24a\software\tugs_awesomehp.exe gefunden: Application.Win32.InstallAd (A)
C:\Users\lui\AppData\Local\Temp\{1AA329E0-021F-4A6C-86E6-283F81046000}\setup.exe gefunden: Application.Win32.OptAd (A)
C:\Users\lui\AppData\Local\Temp\{2B4854EC-FEF9-496F-8ED6-0D5EBDB99BCF}\setup.exe gefunden: Application.Win32.OptAd (A)
C:\Users\lui\Downloads\Setup.exe gefunden: Gen:Variant.Adware.Graftor.128175 (B)

Gescannt 455281
Gefunden 6

Scan Ende: 04.02.2014 01:17:35
Scan Zeit: 1:13:36

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by lui (administrator) on LUI-PC on 04-02-2014 01:25:37
Running from C:\Users\lui\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Advanced Micro Devices, Inc.)
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe () C:\Windows\SysWOW64\PnkBstrA.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe (AddGadgets) C:\Users\lui\Desktop\PCMeterV4\PCMeterV0.4.exe () C:\Windows\DAODx.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe () C:\Program Files (x86)\Fortunitas\updateFortunitas.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (PokerStrategy.com) C:\Users\lui\AppData\Local\Apps\2.0\DZWDE8ZV.QYD\BAJ15QXQ.2T1\poke...app_e892221e2968472d_0002.0000_7fd48b227ddcb1fb\PSC.SideKick.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe () C:\Program Files (x86)\Fortunitas\bin\utilFortunitas.exe (Nullsoft, Inc.) F:\Program Files (x86)\Winamp\winamp.exe (Mozilla Corporation) F:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) F:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2wizard.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-07] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-29] (AVAST Software) HKLM-x32\...\Run: [emsisoft anti-malware] - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [4329408 2013-12-04] (Emsisoft GmbH) HKU\S-1-5-21-2028207060-3415787862-1104950757-1000\...\Run: [PokerStrategy.com SideKick] - "C:\Users\lui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com\PokerStrategy.com SideKick.appref-ms" HKU\S-1-5-21-2028207060-3415787862-1104950757-1000\...\MountPoints2: {8cd414d9-49ee-11e3-aa3b-ac220bdcfd07} - J:\SETUP.EXE ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=DE&userid=71e21573-0bbf-e653-5b3f-f5b21b809808&searchtype=ds&q={searchTerms}&installDate=27/01/2014 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3324329&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPA3756303-B1D0-466E-A16A-B54F3B16AED5&SSPV= HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB8A90CF26297CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://www.awesomehp.com/?type=hp&ts=1390775334&from=tugs&uid=ST2000DM001-1CH164_Z1E5RN3DXXXXZ1E5RN3D HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=DE&userid=71e21573-0bbf-e653-5b3f-f5b21b809808&searchtype=ds&q={searchTerms}&installDate=27/01/2014 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1390775334&from=tugs&uid=ST2000DM001-1CH164_Z1E5RN3DXXXXZ1E5RN3D&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1390775334&from=tugs&uid=ST2000DM001-1CH164_Z1E5RN3DXXXXZ1E5RN3D HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390775334&from=tugs&uid=ST2000DM001-1CH164_Z1E5RN3DXXXXZ1E5RN3D HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1390775334&from=tugs&uid=ST2000DM001-1CH164_Z1E5RN3DXXXXZ1E5RN3D&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1390775334&from=tugs&uid=ST2000DM001-1CH164_Z1E5RN3DXXXXZ1E5RN3D&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1390775334&from=tugs&uid=ST2000DM001-1CH164_Z1E5RN3DXXXXZ1E5RN3D HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390775334&from=tugs&uid=ST2000DM001-1CH164_Z1E5RN3DXXXXZ1E5RN3D HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1390775334&from=tugs&uid=ST2000DM001-1CH164_Z1E5RN3DXXXXZ1E5RN3D&q={searchTerms} SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1390775334&from=tugs&uid=ST2000DM001-1CH164_Z1E5RN3DXXXXZ1E5RN3D&q={searchTerms} SearchScopes: HKLM - 
{33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1390775334&from=tugs&uid=ST2000DM001-1CH164_Z1E5RN3DXXXXZ1E5RN3D&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=DE&userid=71e21573-0bbf-e653-5b3f-f5b21b809808&searchtype=ds&q={searchTerms}&installDate=27/01/2014 SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=DE&userid=71e21573-0bbf-e653-5b3f-f5b21b809808&searchtype=ds&q={searchTerms}&installDate=27/01/2014 SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = BHO: Feven 2.5 - {11111111-1111-1111-1111-110411901108} - C:\Program Files (x86)\Feven 2.5\Feven 2.5-bho64.dll (Feven) BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: ValueApps - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll (Conduit Ltd.) 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Feven 2.5 - {11111111-1111-1111-1111-110411901108} - C:\Program Files (x86)\Feven 2.5\Feven 2.5-bho.dll (Feven) BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: SaveSense - {71e129ff-6c2a-4984-818c-7e2c998b8d99} - C:\Users\lui\AppData\Local\SaveSense\SaveSenseIE.dll (SaveSense) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: ValueApps - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files (x86)\Conduit\ValueApps\IE\ValueAppsLoader.dll (Conduit Ltd.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Fortunitas - {c6f3fc7b-d607-44ec-9caf-2a41d547137f} - C:\Program Files (x86)\Fortunitas\Fortunitasbho.dll (Fortunitas) BHO-x32: No Name - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - No File Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - avast! 
Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\xs5vor85.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.0 - f:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web 
Plugins\2.3.1\npbattlelog.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - f:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=3 - C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense) FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=9 - C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Extension: Feven 2.5 - C:\Users\lui\AppData\Roaming\Mozilla\Firefox\Profiles\xs5vor85.default\Extensions\4433da5b-eb52-495d-8865-b2a7468567f6@927544a3-fdfb-4485-a78b-21e1113eee35.com [2014-02-03] FF StartMenuInternet: FIREFOX.EXE - f:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Services (Whitelisted) ================= R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4161512 2013-12-04] (Emsisoft GmbH) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-11-07] (Advanced Micro Devices, Inc.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-29] (AVAST Software) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-18] () R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-30] (TuneUp Software) R2 Update Fortunitas; C:\Program Files (x86)\Fortunitas\updateFortunitas.exe [103200 2014-01-31] () R2 Util Fortunitas; C:\Program Files (x86)\Fortunitas\bin\utilFortunitas.exe [103200 2014-01-30] () R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [493568 2014-01-26] (Cherished Technololgy LIMITED) R2 postgresql-8.4; c:/postgreSQL/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w [x] ==================== Drivers (Whitelisted) ==================== R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [70960 2013-08-24] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138152 2013-11-26] (SlySoft, Inc.) R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138152 2013-11-26] (SlySoft, Inc.) 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-29] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-09] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-29] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-29] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-29] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-29] () R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software) S3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.) 
S3 VGPU; System32\drivers\rdvgkmd.sys [x] R3 WinRing0_1_2_0; \??\C:\Users\lui\AppData\Local\Temp\tmpA35F.tmp [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-04 01:25 - 2014-02-04 01:25 - 00016839 _____ () C:\Users\lui\Downloads\FRST.txt 2014-02-04 01:25 - 2014-02-04 01:25 - 00000000 ____D () C:\Users\lui\Downloads\FRST-OlderVersion 2014-02-03 23:54 - 2014-02-04 01:17 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-02-03 23:54 - 2014-02-03 23:54 - 00001095 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-02-03 23:54 - 2014-02-03 23:54 - 00000000 ____D () C:\Users\lui\Documents\Anti-Malware 2014-02-03 23:48 - 2014-02-03 23:54 - 218807208 _____ (Emsisoft GmbH ) C:\Users\lui\Downloads\EmsisoftAntiMalwareSetup_8.1.0.33.exe 2014-02-02 19:34 - 2014-02-02 19:34 - 00000000 ____D () C:\Users\lui\AppData\Roaming\Mozilla 2014-02-02 19:34 - 2014-01-16 21:45 - 00000500 _____ () C:\Users\lui\Documents\indexfile.txt 2014-02-02 19:31 - 2014-02-02 19:31 - 00000819 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-02-02 19:31 - 2014-02-02 19:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-01-29 22:51 - 2014-01-29 22:51 - 02037192 _____ () C:\Users\lui\Downloads\geek121.zip 2014-01-29 22:51 - 2014-01-29 22:51 - 02037192 _____ () C:\Users\lui\Downloads\geek121 (2).zip 2014-01-29 22:51 - 2014-01-29 22:51 - 02037192 _____ () C:\Users\lui\Downloads\geek121 (1).zip 2014-01-28 18:07 - 2014-01-28 18:07 - 00062634 _____ () C:\EamClean.log 2014-01-28 00:56 - 2014-01-28 00:56 - 00132384 _____ () C:\Users\lui\Downloads\Addition.txt 2014-01-28 00:15 - 2014-02-04 01:25 - 00000000 ____D () C:\FRST 2014-01-28 00:14 - 2014-02-04 01:25 - 02080256 _____ (Farbar) C:\Users\lui\Downloads\FRST64.exe 2014-01-28 00:04 - 2014-01-28 00:04 - 00000546 _____ () C:\Users\lui\Desktop\Emsisoft Emergency Kit.lnk 2014-01-28 00:04 - 2014-01-28 00:04 - 
00000000 ____D () C:\EEK 2014-01-27 23:59 - 2014-01-27 23:59 - 00003364 _____ () C:\Windows\System32\Tasks\AmiUpdXp 2014-01-27 23:56 - 2014-01-28 00:02 - 189820904 _____ () C:\Users\lui\Downloads\EmsisoftEmergencyKit_4.0.0.13.exe 2014-01-27 23:00 - 2014-02-03 23:54 - 09468104 _____ () C:\blitzerr.txt 2014-01-27 15:44 - 2014-02-04 00:40 - 00000348 _____ () C:\Windows\Tasks\AmiUpdXp.job 2014-01-27 15:44 - 2014-01-30 20:22 - 00000000 ____D () C:\Users\lui\AppData\Roaming\newnext.me 2014-01-27 15:44 - 2014-01-28 01:32 - 00000000 ____D () C:\Users\lui\AppData\Local\genienext 2014-01-27 15:44 - 2014-01-27 21:03 - 00000000 ____D () C:\Users\lui\AppData\Local\Mobogenie 2014-01-27 15:44 - 2014-01-27 16:07 - 00000000 ____D () C:\Users\lui\AppData\Local\cache 2014-01-27 15:44 - 2014-01-27 15:44 - 00000000 ____D () C:\Users\lui\.android 2014-01-27 15:44 - 2014-01-27 15:44 - 00000000 _____ () C:\Users\lui\daemonprocess.txt 2014-01-27 15:43 - 2014-01-27 21:03 - 00000000 ____D () C:\Program Files (x86)\Mobogenie 2014-01-27 15:40 - 2014-02-04 00:45 - 00000926 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job 2014-01-27 15:40 - 2014-02-03 15:45 - 00000922 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job 2014-01-27 15:40 - 2014-01-27 15:40 - 00003922 _____ () C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA 2014-01-27 15:40 - 2014-01-27 15:40 - 00003670 _____ () C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore 2014-01-27 15:40 - 2014-01-27 15:40 - 00000000 ____D () C:\Users\lui\AppData\Roaming\SaveSense 2014-01-27 15:40 - 2014-01-27 15:40 - 00000000 ____D () C:\Users\lui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense 2014-01-27 15:40 - 2014-01-27 15:40 - 00000000 ____D () C:\Users\lui\AppData\Local\SaveSenseLive 2014-01-27 15:40 - 2014-01-27 15:40 - 00000000 ____D () C:\Users\lui\AppData\Local\SaveSense 2014-01-27 15:40 - 2014-01-27 15:40 - 00000000 ____D () C:\ProgramData\SaveSenseLive 2014-01-27 15:40 - 2014-01-27 
15:40 - 00000000 ____D () C:\Program Files (x86)\SaveSenseLive 2014-01-27 15:29 - 2014-01-31 19:19 - 00000000 ____D () C:\Program Files (x86)\Fortunitas 2014-01-27 00:48 - 2014-01-27 00:48 - 00000000 ____D () C:\Users\lui\AppData\Roaming\dvdcss 2014-01-27 00:29 - 2014-01-27 00:29 - 00000000 ____D () C:\Users\lui\AppData\Roaming\XBMC 2014-01-27 00:25 - 2014-01-27 00:25 - 00000000 ____D () C:\Users\lui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC 2014-01-27 00:23 - 2014-01-27 00:23 - 00000000 ____D () C:\Program Files\Conduit 2014-01-27 00:23 - 2014-01-27 00:23 - 00000000 ____D () C:\Program Files (x86)\Conduit 2014-01-27 00:22 - 2014-01-27 00:22 - 00330912 _____ () C:\Users\lui\Downloads\Setup.exe 2014-01-27 00:20 - 2014-01-27 00:22 - 59604731 _____ () C:\Users\lui\Downloads\xbmc-12.3.exe 2014-01-27 00:14 - 2014-01-27 00:14 - 00000000 ____D () C:\ProgramData\Canneverbe Limited 2014-01-27 00:13 - 2014-01-27 00:13 - 04986624 _____ (Canneverbe Limited ) C:\Users\lui\Downloads\cdbxp_setup_4.5.2.4478_minimal.exe 2014-01-27 00:13 - 2014-01-27 00:13 - 00000873 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk 2014-01-27 00:13 - 2014-01-27 00:13 - 00000000 ____D () C:\Users\lui\AppData\Roaming\Canneverbe Limited 2014-01-27 00:08 - 2014-01-31 18:46 - 00000040 ___SH () C:\ProgramData\.zreglib 2014-01-27 00:06 - 2014-01-27 00:06 - 00000805 _____ () C:\Users\Public\Desktop\AnyDVD.lnk 2014-01-27 00:05 - 2014-01-27 00:05 - 00000000 ____D () C:\Users\lui\AppData\Roaming\Opera Software 2014-01-27 00:05 - 2014-01-27 00:05 - 00000000 ____D () C:\Users\lui\AppData\Local\Opera Software 2014-01-27 00:05 - 2014-01-27 00:05 - 00000000 ____D () C:\ProgramData\SlySoft 2014-01-27 00:04 - 2014-01-29 22:50 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-01-27 00:04 - 2014-01-27 00:04 - 00001133 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-01-26 23:55 - 2014-01-26 23:56 - 00000000 ____D () C:\Users\lui\Desktop\anydvd 2014-01-26 23:29 - 2014-02-03 23:34 - 00002218 _____ () 
C:\Windows\Tasks\Feven 2.5-firefoxinstaller.job 2014-01-26 23:29 - 2014-02-03 23:29 - 00001498 _____ () C:\Windows\Tasks\Feven 2.5-updater.job 2014-01-26 23:29 - 2014-02-03 23:29 - 00001448 _____ () C:\Windows\Tasks\Feven 2.5-codedownloader.job 2014-01-26 23:29 - 2014-02-03 23:29 - 00001326 _____ () C:\Windows\Tasks\Feven 2.5-enabler.job 2014-01-26 23:29 - 2014-01-26 23:29 - 00004528 _____ () C:\Windows\System32\Tasks\Feven 2.5-updater 2014-01-26 23:29 - 2014-01-26 23:29 - 00004478 _____ () C:\Windows\System32\Tasks\Feven 2.5-codedownloader 2014-01-26 23:29 - 2014-01-26 23:29 - 00004356 _____ () C:\Windows\System32\Tasks\Feven 2.5-enabler 2014-01-26 23:29 - 2014-01-26 23:29 - 00000000 ____D () C:\ProgramData\WPM 2014-01-26 23:28 - 2014-02-03 23:28 - 00002270 _____ () C:\Windows\Tasks\Feven 2.5-chromeinstaller.job 2014-01-26 23:28 - 2014-01-26 23:29 - 00000000 ____D () C:\Program Files (x86)\Feven 2.5 2014-01-18 20:25 - 2014-01-18 20:25 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk ==================== One Month Modified Files and Folders ======= 2014-02-04 01:25 - 2014-02-04 01:25 - 00016839 _____ () C:\Users\lui\Downloads\FRST.txt 2014-02-04 01:25 - 2014-02-04 01:25 - 00000000 ____D () C:\Users\lui\Downloads\FRST-OlderVersion 2014-02-04 01:25 - 2014-01-28 00:15 - 00000000 ____D () C:\FRST 2014-02-04 01:25 - 2014-01-28 00:14 - 02080256 _____ (Farbar) C:\Users\lui\Downloads\FRST64.exe 2014-02-04 01:17 - 2014-02-03 23:54 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-02-04 01:16 - 2013-11-09 14:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-04 00:57 - 2013-11-10 14:57 - 00000280 _____ () C:\Windows\Tasks\FoxTab.job 2014-02-04 00:45 - 2014-01-27 15:40 - 00000926 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job 2014-02-04 00:40 - 2014-01-27 15:44 - 00000348 _____ () C:\Windows\Tasks\AmiUpdXp.job 2014-02-04 00:36 - 2013-11-10 11:30 - 00000000 ____D () 
C:\Users\lui\AppData\Local\Deployment 2014-02-03 23:54 - 2014-02-03 23:54 - 00001095 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-02-03 23:54 - 2014-02-03 23:54 - 00000000 ____D () C:\Users\lui\Documents\Anti-Malware 2014-02-03 23:54 - 2014-02-03 23:48 - 218807208 _____ (Emsisoft GmbH ) C:\Users\lui\Downloads\EmsisoftAntiMalwareSetup_8.1.0.33.exe 2014-02-03 23:54 - 2014-01-27 23:00 - 09468104 _____ () C:\blitzerr.txt 2014-02-03 23:54 - 2013-11-10 14:42 - 00000000 ____D () C:\Users\lui\AppData\Roaming\HoldemManager 2014-02-03 23:34 - 2014-01-26 23:29 - 00002218 _____ () C:\Windows\Tasks\Feven 2.5-firefoxinstaller.job 2014-02-03 23:33 - 2013-11-10 11:28 - 00000000 ____D () C:\Users\lui\AppData\Local\PokerStars.EU 2014-02-03 23:29 - 2014-01-26 23:29 - 00001498 _____ () C:\Windows\Tasks\Feven 2.5-updater.job 2014-02-03 23:29 - 2014-01-26 23:29 - 00001448 _____ () C:\Windows\Tasks\Feven 2.5-codedownloader.job 2014-02-03 23:29 - 2014-01-26 23:29 - 00001326 _____ () C:\Windows\Tasks\Feven 2.5-enabler.job 2014-02-03 23:28 - 2014-01-26 23:28 - 00002270 _____ () C:\Windows\Tasks\Feven 2.5-chromeinstaller.job 2014-02-03 22:32 - 2009-07-14 05:51 - 00051432 _____ () C:\Windows\setupact.log 2014-02-03 15:45 - 2014-01-27 15:40 - 00000922 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job 2014-02-03 15:16 - 2013-08-12 12:14 - 00446236 _____ () C:\Windows\WindowsUpdate.log 2014-02-03 14:42 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-03 14:42 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-03 14:36 - 2013-12-01 20:03 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup 2014-02-03 14:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-03 14:34 - 2010-11-21 04:47 - 01000450 _____ () C:\Windows\PFRO.log 
2014-02-02 19:34 - 2014-02-02 19:34 - 00000000 ____D () C:\Users\lui\AppData\Roaming\Mozilla 2014-02-02 19:31 - 2014-02-02 19:31 - 00000819 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-02-02 19:31 - 2014-02-02 19:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-02 15:14 - 2013-11-09 14:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-01-31 20:20 - 2013-11-10 11:12 - 00000000 ____D () C:\Users\lui\AppData\Local\Equilab 2014-01-31 19:19 - 2014-01-27 15:29 - 00000000 ____D () C:\Program Files (x86)\Fortunitas 2014-01-31 18:46 - 2014-01-27 00:08 - 00000040 ___SH () C:\ProgramData\.zreglib 2014-01-30 20:22 - 2014-01-27 15:44 - 00000000 ____D () C:\Users\lui\AppData\Roaming\newnext.me 2014-01-30 00:03 - 2013-11-10 11:15 - 00000000 ____D () C:\Users\lui\AppData\Roaming\Skype 2014-01-29 22:57 - 2013-12-19 14:57 - 00000139 _____ () C:\Users\lui\AppData\Roaming\WB.CFG 2014-01-29 22:57 - 2013-11-09 13:55 - 00000000 ____D () C:\Users\lui\AppData\Local\Mozilla 2014-01-29 22:55 - 2013-11-10 12:16 - 00000000 ____D () C:\Program Files (x86)\PremierOpinion 2014-01-29 22:51 - 2014-01-29 22:51 - 02037192 _____ () C:\Users\lui\Downloads\geek121.zip 2014-01-29 22:51 - 2014-01-29 22:51 - 02037192 _____ () C:\Users\lui\Downloads\geek121 (2).zip 2014-01-29 22:51 - 2014-01-29 22:51 - 02037192 _____ () C:\Users\lui\Downloads\geek121 (1).zip 2014-01-29 22:50 - 2014-01-27 00:04 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-01-28 23:20 - 2013-11-09 14:14 - 00000000 ____D () C:\Users\lui\AppData\Roaming\vlc 2014-01-28 20:26 - 2011-04-12 08:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat 2014-01-28 20:26 - 2011-04-12 08:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat 2014-01-28 20:26 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-01-28 18:07 - 2014-01-28 18:07 - 00062634 _____ () C:\EamClean.log 2014-01-28 01:32 - 2014-01-27 15:44 - 00000000 ____D () 
C:\Users\lui\AppData\Local\genienext
2014-01-28 00:56 - 2014-01-28 00:56 - 00132384 _____ () C:\Users\lui\Downloads\Addition.txt
2014-01-28 00:04 - 2014-01-28 00:04 - 00000546 _____ () C:\Users\lui\Desktop\Emsisoft Emergency Kit.lnk
2014-01-28 00:04 - 2014-01-28 00:04 - 00000000 ____D () C:\EEK
2014-01-28 00:02 - 2014-01-27 23:56 - 189820904 _____ () C:\Users\lui\Downloads\EmsisoftEmergencyKit_4.0.0.13.exe
2014-01-27 23:59 - 2014-01-27 23:59 - 00003364 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-01-27 21:41 - 2013-11-10 12:37 - 00000000 ____D () C:\Windows\AutoKMS
2014-01-27 21:03 - 2014-01-27 15:44 - 00000000 ____D () C:\Users\lui\AppData\Local\Mobogenie
2014-01-27 21:03 - 2014-01-27 15:43 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-01-27 21:01 - 2013-11-10 14:53 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-01-27 16:07 - 2014-01-27 15:44 - 00000000 ____D () C:\Users\lui\AppData\Local\cache
2014-01-27 15:44 - 2014-01-27 15:44 - 00000000 ____D () C:\Users\lui\.android
2014-01-27 15:44 - 2014-01-27 15:44 - 00000000 _____ () C:\Users\lui\daemonprocess.txt
2014-01-27 15:44 - 2013-08-12 12:38 - 00000000 ____D () C:\Users\lui
2014-01-27 15:40 - 2014-01-27 15:40 - 00003922 _____ () C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA
2014-01-27 15:40 - 2014-01-27 15:40 - 00003670 _____ () C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore
2014-01-27 15:40 - 2014-01-27 15:40 - 00000000 ____D () C:\Users\lui\AppData\Roaming\SaveSense
2014-01-27 15:40 - 2014-01-27 15:40 - 00000000 ____D () C:\Users\lui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
2014-01-27 15:40 - 2014-01-27 15:40 - 00000000 ____D () C:\Users\lui\AppData\Local\SaveSenseLive
2014-01-27 15:40 - 2014-01-27 15:40 - 00000000 ____D () C:\Users\lui\AppData\Local\SaveSense
2014-01-27 15:40 - 2014-01-27 15:40 - 00000000 ____D () C:\ProgramData\SaveSenseLive
2014-01-27 15:40 - 2014-01-27 15:40 - 00000000 ____D () C:\Program Files (x86)\SaveSenseLive
2014-01-27 15:30 - 2013-11-10 20:14 - 00000000 ____D () C:\Users\lui\AppData\Local\CrashDumps
2014-01-27 15:28 - 2013-11-10 12:37 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-01-27 00:48 - 2014-01-27 00:48 - 00000000 ____D () C:\Users\lui\AppData\Roaming\dvdcss
2014-01-27 00:29 - 2014-01-27 00:29 - 00000000 ____D () C:\Users\lui\AppData\Roaming\XBMC
2014-01-27 00:25 - 2014-01-27 00:25 - 00000000 ____D () C:\Users\lui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC
2014-01-27 00:23 - 2014-01-27 00:23 - 00000000 ____D () C:\Program Files\Conduit
2014-01-27 00:23 - 2014-01-27 00:23 - 00000000 ____D () C:\Program Files (x86)\Conduit
2014-01-27 00:22 - 2014-01-27 00:22 - 00330912 _____ () C:\Users\lui\Downloads\Setup.exe
2014-01-27 00:22 - 2014-01-27 00:20 - 59604731 _____ () C:\Users\lui\Downloads\xbmc-12.3.exe
2014-01-27 00:14 - 2014-01-27 00:14 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-01-27 00:13 - 2014-01-27 00:13 - 04986624 _____ (Canneverbe Limited ) C:\Users\lui\Downloads\cdbxp_setup_4.5.2.4478_minimal.exe
2014-01-27 00:13 - 2014-01-27 00:13 - 00000873 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2014-01-27 00:13 - 2014-01-27 00:13 - 00000000 ____D () C:\Users\lui\AppData\Roaming\Canneverbe Limited
2014-01-27 00:06 - 2014-01-27 00:06 - 00000805 _____ () C:\Users\Public\Desktop\AnyDVD.lnk
2014-01-27 00:05 - 2014-01-27 00:05 - 00000000 ____D () C:\Users\lui\AppData\Roaming\Opera Software
2014-01-27 00:05 - 2014-01-27 00:05 - 00000000 ____D () C:\Users\lui\AppData\Local\Opera Software
2014-01-27 00:05 - 2014-01-27 00:05 - 00000000 ____D () C:\ProgramData\SlySoft
2014-01-27 00:04 - 2014-01-27 00:04 - 00001133 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-01-27 00:00 - 2013-08-12 14:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-01-26 23:59 - 2013-08-12 14:41 - 00000000 ____D () C:\Users\lui\AppData\Local\Google
2014-01-26 23:56 - 2014-01-26 23:55 - 00000000 ____D () C:\Users\lui\Desktop\anydvd
2014-01-26 23:53 - 2013-11-10 11:31 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-01-26 23:29 - 2014-01-26 23:29 - 00004528 _____ () C:\Windows\System32\Tasks\Feven 2.5-updater
2014-01-26 23:29 - 2014-01-26 23:29 - 00004478 _____ () C:\Windows\System32\Tasks\Feven 2.5-codedownloader
2014-01-26 23:29 - 2014-01-26 23:29 - 00004356 _____ () C:\Windows\System32\Tasks\Feven 2.5-enabler
2014-01-26 23:29 - 2014-01-26 23:29 - 00000000 ____D () C:\ProgramData\WPM
2014-01-26 23:29 - 2014-01-26 23:28 - 00000000 ____D () C:\Program Files (x86)\Feven 2.5
2014-01-22 22:18 - 2013-11-10 11:38 - 00001906 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-01-19 16:04 - 2013-11-10 14:36 - 00000000 ____D () C:\Users\postgres
2014-01-18 20:25 - 2014-01-18 20:25 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-16 21:45 - 2014-02-02 19:34 - 00000500 _____ () C:\Users\lui\Documents\indexfile.txt
2014-01-16 20:39 - 2013-11-09 14:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-16 20:39 - 2013-11-09 14:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-16 20:39 - 2013-11-09 14:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-12 21:00 - 2013-11-10 20:16 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-01-08 19:59 - 2013-12-29 18:13 - 00439648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswndisflt.sys

Some content of TEMP:
====================
C:\Users\lui\AppData\Local\Temp\BackupSetup.exe
C:\Users\lui\AppData\Local\Temp\dlLogic.exe
C:\Users\lui\AppData\Local\Temp\DownloadManager.exe
C:\Users\lui\AppData\Local\Temp\EnableExtDll.dll
C:\Users\lui\AppData\Local\Temp\geek_x64.exe
C:\Users\lui\AppData\Local\Temp\nsa8DC8.exe
C:\Users\lui\AppData\Local\Temp\nsl2292.exe
C:\Users\lui\AppData\Local\Temp\nsl82DC.exe
C:\Users\lui\AppData\Local\Temp\nsq1E1E.exe
C:\Users\lui\AppData\Local\Temp\nsw7F24.exe
C:\Users\lui\AppData\Local\Temp\RegClean10.exe
C:\Users\lui\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\lui\AppData\Local\Temp\sonarinst.exe
C:\Users\lui\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\lui\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\lui\AppData\Local\Temp\Updater.exe
C:\Users\lui\AppData\Local\Temp\vlc-2.1.1-win64.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-30 20:43

==================== End Of Log ============================ |
04.02.2014, 01:55 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | malware in Firefox Quote:
Where did you get your MS Office from?
04.02.2014, 14:15 | #3 |
| malware in Firefox yes, I understand...
__________________ Last edited by veritas23 (04.02.2014 at 14:21) |
04.02.2014, 15:42 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | malware in Firefox What exactly do you understand? Are you saying that neither your Windows nor your Office is clean? Both cracked?
__________________ Please always post log files in CODE tags |
04.02.2014, 22:59 | #5 | |
| malware in Firefox Quote:
hxxp://www.amazon.de/Windows-Professional-Service-Frustfreie-Verpackung/dp/B00BUL5WLU/ref=sr_1_1?ie=UTF8&qid=1391550731&sr=8-1&keywords=win+7+professional+64+bit and with that my problem has resolved itself anyway, since I have to set the PC up from scratch anyway... but thanks all the same, I find the posts here very interesting |
04.02.2014, 23:16 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | malware in Firefox Windows 7 Professional is good, but do you really need it as a home user?
04.02.2014, 23:25 | #7 | |
| malware in Firefox Quote:
since price-wise it's not such a big jump any more... |
04.02.2014, 23:40 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | malware in Firefox It's your decision, but honestly, I have never needed XP Mode on my work machine with Win7 Pro...
Topics on malware in Firefox |
administrator, adobe, application.win32.installad, application.win32.optad, awesomehp, remove awesomehp, browser, settings, emsisoft, explorer, hard drive, flash player, malware, mobogenie, remove mobogenie, realtek, services.exe, smartbar, software, svchost.exe, temp, traces, winlogon.exe |