
Pests of all kinds and how to fight them: Malwarebytes finds PUP.Optional

08.07.2014, 15:51   #1
Boreal
 



Sorry, that was still from the last LAN party, and I've now moved it to the recycle bin and deleted everything.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by Vu (administrator) on NB-PC on 08-07-2014 16:49:47
Running from C:\Users\Vu\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-3123995978-3804113960-3980782490-1000\...\Run: [Google Update] => C:\Users\Vu\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-24] (Google Inc.)
HKU\S-1-5-21-3123995978-3804113960-3980782490-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\hxvocyvk.default
FF Homepage: about:home
FF NetworkProxy: "autoconfig_url", "hxxp://r-1.ch/twitch.pac"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Vu\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Vu\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\hxvocyvk.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\hxvocyvk.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Ghostery - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\hxvocyvk.default\Extensions\firefox@ghostery.com.xpi [2013-08-14]
FF Extension: Adblock Plus - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\hxvocyvk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-21]
FF Extension: No Name - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\extensions [2012-08-12]
FF Extension: HTTPS-Everywhere - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2012-08-12]
FF Extension: UnPlug - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\unplug@compunach [2012-08-12]
FF Extension: JonDoFox - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593} [2012-08-12]
FF Extension: Cookie Monster - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{45d8ff86-d909-11db-9705-005056c00008} [2012-08-12]
FF Extension: NoScript - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2012-08-12]
FF Extension: ProfileSwitcher - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4} [2012-08-12]
FF Extension: Adblock Plus - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-18]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR DefaultSearchKeyword: delta-search.com
CHR DefaultSearchProvider: Delta Search
CHR DefaultSearchURL: hxxp://www2.delta-search.com/?q={searchTerms}&affID=119556&babsrc=SP_ss&mntrId=30ddaaf0000000000000a088b4b3f8a9
CHR Plugin: (Shockwave Flash) - C:\Users\Vu\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Vu\AppData\Local\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Vu\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Vu\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Google Update) - C:\Users\Vu\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Vu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-24]
CHR Extension: (Google-Suche) - C:\Users\Vu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-24]
CHR Extension: (AdBlock) - C:\Users\Vu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-07-24]
CHR Extension: (Google Wallet) - C:\Users\Vu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Google Mail) - C:\Users\Vu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR StartMenuInternet: Google Chrome - C:\Users\Vu\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-16] (Lenovo.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-21] (DT Soft Ltd)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2012-01-11] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-22] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]
S2 smihlp2; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-08 16:47 - 2014-07-08 16:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-08 16:47 - 2014-07-08 16:47 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-07-08 16:46 - 2014-07-08 16:46 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-08 16:41 - 2014-07-08 16:41 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\Oracle
2014-07-08 16:40 - 2014-07-08 16:40 - 00004442 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-07-08 16:40 - 2014-07-08 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-08 16:40 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-08 16:40 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-08 16:40 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-08 16:40 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-08 16:35 - 2014-07-08 16:49 - 00020760 _____ () C:\Users\Vu\Desktop\FRST.txt
2014-07-08 16:33 - 2014-07-08 16:33 - 00000000 ____D () C:\Users\Vu\Downloads\FRST-OlderVersion
2014-07-07 12:04 - 2014-07-07 12:04 - 35354225 _____ () C:\Users\Vu\Downloads\Spr_SozEth_SS2014_VS11_2.wma
2014-07-05 20:38 - 2014-07-05 20:38 - 04647657 _____ () C:\Users\Vu\Downloads\superuser.zip
2014-07-05 20:38 - 2014-07-05 20:38 - 01244053 _____ () C:\Users\Vu\Downloads\UPDATE-SuperSU-v2.01.zip
2014-07-05 20:36 - 2014-07-05 20:36 - 00995769 _____ () C:\Users\Vu\Downloads\Odin3_v3.09.zip
2014-07-05 20:18 - 2014-07-05 20:50 - 00000000 ____D () C:\Users\Vu\Desktop\android reset
2014-07-05 19:15 - 2014-07-05 19:42 - 603968962 _____ () C:\Users\Vu\Downloads\I9100XWLSD_I9100DBTLS7_DBT.zip
2014-07-05 15:45 - 2014-07-05 15:45 - 02347384 _____ (ESET) C:\Users\Vu\Downloads\esetsmartinstaller_deu.exe
2014-07-05 15:36 - 2014-07-05 15:36 - 01016261 _____ (Thisisu) C:\Users\Vu\Downloads\JRT.exe
2014-07-05 15:27 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-05 15:26 - 2014-07-05 15:26 - 01346519 _____ () C:\Users\Vu\Downloads\adwcleaner_3.214.exe
2014-07-04 10:46 - 2014-07-04 10:46 - 00026693 _____ () C:\Users\Vu\Downloads\Addition.txt
2014-07-04 10:44 - 2014-07-04 10:46 - 00040408 _____ () C:\Users\Vu\Downloads\FRST.txt
2014-07-04 10:43 - 2014-07-08 16:33 - 02084352 _____ (Farbar) C:\Users\Vu\Desktop\FRST64.exe
2014-07-04 10:13 - 2014-07-05 16:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-04 10:13 - 2014-07-04 10:13 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-04 10:13 - 2014-07-04 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-04 10:13 - 2014-07-04 10:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-04 10:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-04 10:13 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-03 22:15 - 2014-07-03 22:15 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-07-03 22:15 - 2014-07-03 22:15 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-07-03 22:15 - 2014-07-03 22:15 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-07-03 22:15 - 2014-07-03 22:15 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-07-03 22:15 - 2014-07-03 22:15 - 00001646 _____ () C:\Users\Public\Desktop\Hammerwatch.lnk
2014-07-03 22:15 - 2014-07-03 22:15 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-07-03 10:50 - 2014-07-03 10:50 - 00110421 _____ () C:\Users\Vu\Downloads\1185Sozialisation2.pptm
2014-06-23 22:35 - 2014-06-23 22:36 - 13661969 _____ () C:\Users\Vu\Downloads\tp-cindy-the-tail-of-two-pace-asianpornforum.com.part2.rar
2014-06-23 15:48 - 2014-06-23 15:48 - 00000000 ____D () C:\Users\Vu\Desktop\BEAST - Good Luck
2014-06-23 15:18 - 2014-06-23 15:38 - 60867279 _____ () C:\Users\Vu\Downloads\BEAST (B2ST) -  Good Luck (6th Mini Album).rar
2014-06-18 08:04 - 2014-06-18 08:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 00:11 - 2014-06-13 14:34 - 00000000 ____D () C:\Users\Vu\Desktop\Richard David Precht
2014-06-17 23:58 - 2014-06-18 00:00 - 19504354 _____ () C:\Users\Vu\Downloads\david prichard ebooks.rar
2014-06-14 16:31 - 2014-06-14 16:31 - 00000000 __SHD () C:\Users\Vu\AppData\Local\EmieUserList
2014-06-14 16:31 - 2014-06-14 16:31 - 00000000 __SHD () C:\Users\Vu\AppData\Local\EmieSiteList
2014-06-12 00:56 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 00:56 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 00:56 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 00:56 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 00:56 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 00:56 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 00:56 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 00:56 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 00:56 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 00:56 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 00:56 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 00:56 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 00:56 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 00:56 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 00:56 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 00:56 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 00:56 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 00:56 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 00:56 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 00:56 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 00:56 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 00:56 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 00:56 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 00:56 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 00:56 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 00:56 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 00:56 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 00:56 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 00:56 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 00:56 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 00:56 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 00:56 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 00:56 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 00:56 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 00:56 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 00:56 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 00:56 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 00:56 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 00:56 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 00:56 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 00:56 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 00:56 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 00:56 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 00:56 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 00:56 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 00:56 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 00:56 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 00:56 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 00:56 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 00:56 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 00:56 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 00:56 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 00:56 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 00:56 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 00:56 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 00:56 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 00:56 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 00:56 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 00:56 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 00:56 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 00:56 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-12 00:55 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 00:55 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 00:55 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 00:55 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 22:16 - 2014-07-08 16:49 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

2014-07-08 16:49 - 2014-07-08 16:35 - 00020760 _____ () C:\Users\Vu\Desktop\FRST.txt
2014-07-08 16:49 - 2014-06-11 22:16 - 00000000 ____D () C:\FRST
2014-07-08 16:47 - 2014-07-08 16:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-08 16:47 - 2014-07-08 16:47 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-07-08 16:46 - 2014-07-08 16:46 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-08 16:46 - 2013-02-25 13:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-08 16:43 - 2013-09-07 20:16 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-08 16:43 - 2012-07-31 17:45 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-08 16:42 - 2013-06-08 17:33 - 00000000 ____D () C:\Program Files (x86)\2K Games
2014-07-08 16:41 - 2014-07-08 16:41 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\Oracle
2014-07-08 16:41 - 2013-05-19 12:53 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-08 16:40 - 2014-07-08 16:40 - 00004442 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-07-08 16:40 - 2014-07-08 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-08 16:40 - 2013-10-18 02:23 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-08 16:40 - 2012-08-12 22:09 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-08 16:40 - 2012-07-24 21:28 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3123995978-3804113960-3980782490-1000UA.job
2014-07-08 16:36 - 2014-02-02 20:20 - 00918952 _____ (Oracle Corporation) C:\Users\Vu\Downloads\jxpiinstall.exe
2014-07-08 16:33 - 2014-07-08 16:33 - 00000000 ____D () C:\Users\Vu\Downloads\FRST-OlderVersion
2014-07-08 16:33 - 2014-07-04 10:43 - 02084352 _____ (Farbar) C:\Users\Vu\Desktop\FRST64.exe
2014-07-08 16:20 - 2009-07-14 06:45 - 00014448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-08 16:20 - 2009-07-14 06:45 - 00014448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-08 16:16 - 2012-07-21 16:52 - 01831569 _____ () C:\Windows\WindowsUpdate.log
2014-07-08 16:13 - 2013-05-19 12:53 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-08 16:12 - 2013-07-05 11:18 - 00062195 _____ () C:\Windows\setupact.log
2014-07-08 16:12 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-08 03:01 - 2012-07-21 22:18 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\Skype
2014-07-07 22:40 - 2012-07-24 21:28 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3123995978-3804113960-3980782490-1000Core.job
2014-07-07 12:04 - 2014-07-07 12:04 - 35354225 _____ () C:\Users\Vu\Downloads\Spr_SozEth_SS2014_VS11_2.wma
2014-07-06 12:16 - 2013-08-17 07:27 - 00038574 _____ () C:\Windows\PFRO.log
2014-07-05 20:50 - 2014-07-05 20:18 - 00000000 ____D () C:\Users\Vu\Desktop\android reset
2014-07-05 20:38 - 2014-07-05 20:38 - 04647657 _____ () C:\Users\Vu\Downloads\superuser.zip
2014-07-05 20:38 - 2014-07-05 20:38 - 01244053 _____ () C:\Users\Vu\Downloads\UPDATE-SuperSU-v2.01.zip
2014-07-05 20:38 - 2013-10-12 13:27 - 01587023 _____ () C:\Users\Vu\Downloads\CWM.zip
2014-07-05 20:36 - 2014-07-05 20:36 - 00995769 _____ () C:\Users\Vu\Downloads\Odin3_v3.09.zip
2014-07-05 20:31 - 2012-09-23 16:52 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\vlc
2014-07-05 20:26 - 2013-10-12 13:58 - 00147841 _____ () C:\Users\Vu\Downloads\mecss_Fullwipe_Script_v1.3_mit-with_SDCard.zip
2014-07-05 19:42 - 2014-07-05 19:15 - 603968962 _____ () C:\Users\Vu\Downloads\I9100XWLSD_I9100DBTLS7_DBT.zip
2014-07-05 16:41 - 2014-07-04 10:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-05 15:45 - 2014-07-05 15:45 - 02347384 _____ (ESET) C:\Users\Vu\Downloads\esetsmartinstaller_deu.exe
2014-07-05 15:36 - 2014-07-05 15:36 - 01016261 _____ (Thisisu) C:\Users\Vu\Downloads\JRT.exe
2014-07-05 15:28 - 2013-09-09 13:25 - 00000000 ____D () C:\AdwCleaner
2014-07-05 15:26 - 2014-07-05 15:26 - 01346519 _____ () C:\Users\Vu\Downloads\adwcleaner_3.214.exe
2014-07-04 10:46 - 2014-07-04 10:46 - 00026693 _____ () C:\Users\Vu\Downloads\Addition.txt
2014-07-04 10:46 - 2014-07-04 10:44 - 00040408 _____ () C:\Users\Vu\Downloads\FRST.txt
2014-07-04 10:13 - 2014-07-04 10:13 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-04 10:13 - 2014-07-04 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-04 10:13 - 2014-07-04 10:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-04 10:13 - 2012-07-21 22:35 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\Malwarebytes
2014-07-04 10:13 - 2012-07-21 22:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 22:15 - 2014-07-03 22:15 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-07-03 22:15 - 2014-07-03 22:15 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-07-03 22:15 - 2014-07-03 22:15 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-07-03 22:15 - 2014-07-03 22:15 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-07-03 22:15 - 2014-07-03 22:15 - 00001646 _____ () C:\Users\Public\Desktop\Hammerwatch.lnk
2014-07-03 22:15 - 2014-07-03 22:15 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-07-03 22:15 - 2013-11-03 03:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-07-03 22:15 - 2013-11-03 03:09 - 00000000 ____D () C:\GOG Games
2014-07-03 22:15 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-03 10:50 - 2014-07-03 10:50 - 00110421 _____ () C:\Users\Vu\Downloads\1185Sozialisation2.pptm
2014-07-01 09:58 - 2009-07-14 19:58 - 00698926 _____ () C:\Windows\system32\perfh007.dat
2014-07-01 09:58 - 2009-07-14 19:58 - 00149034 _____ () C:\Windows\system32\perfc007.dat
2014-07-01 09:58 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-30 11:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-23 22:49 - 2013-07-26 17:44 - 00000000 ____D () C:\Users\Vu\AppData\Local\Facebook
2014-06-23 22:36 - 2014-06-23 22:35 - 13661969 _____ () C:\Users\Vu\Downloads\tp-cindy-the-tail-of-two-pace-asianpornforum.com.part2.rar
2014-06-23 21:40 - 2013-04-07 09:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
2014-06-23 21:15 - 2012-11-05 08:29 - 00000000 ___RD () C:\Users\Vu\Dropbox
2014-06-23 21:15 - 2012-11-05 08:27 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\Dropbox
2014-06-23 15:48 - 2014-06-23 15:48 - 00000000 ____D () C:\Users\Vu\Desktop\BEAST - Good Luck
2014-06-23 15:38 - 2014-06-23 15:18 - 60867279 _____ () C:\Users\Vu\Downloads\BEAST (B2ST) -  Good Luck (6th Mini Album).rar
2014-06-23 15:37 - 2014-06-04 19:06 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\DropboxMaster
2014-06-20 18:36 - 2013-05-19 12:53 - 00004098 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-20 18:36 - 2013-05-19 12:53 - 00003846 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 11:45 - 2013-09-07 19:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 08:05 - 2014-06-18 08:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 00:13 - 2013-09-03 18:10 - 00000000 ____D () C:\Users\Vu\Documents\Calibre-Bibliothek
2014-06-18 00:00 - 2014-06-17 23:58 - 19504354 _____ () C:\Users\Vu\Downloads\david prichard ebooks.rar
2014-06-17 22:35 - 2012-07-24 21:28 - 00004072 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3123995978-3804113960-3980782490-1000UA
2014-06-17 22:35 - 2012-07-24 21:28 - 00003676 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3123995978-3804113960-3980782490-1000Core
2014-06-16 20:56 - 2014-01-16 17:02 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-16 20:31 - 2012-07-21 22:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-16 10:11 - 2012-07-21 22:29 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-16 10:11 - 2012-07-21 22:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-16 10:11 - 2012-07-21 22:29 - 00003824 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-14 16:31 - 2014-06-14 16:31 - 00000000 __SHD () C:\Users\Vu\AppData\Local\EmieUserList
2014-06-14 16:31 - 2014-06-14 16:31 - 00000000 __SHD () C:\Users\Vu\AppData\Local\EmieSiteList
2014-06-13 15:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-13 14:34 - 2014-06-18 00:11 - 00000000 ____D () C:\Users\Vu\Desktop\Richard David Precht
2014-06-12 02:17 - 2013-08-14 10:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 02:15 - 2012-07-21 20:33 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-10 09:30 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\ProgramData\JonDoSetup.paf.exe
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT


Some content of TEMP:
====================
C:\Users\Vu\AppData\Local\temp\avgnt.exe
C:\Users\Vu\AppData\Local\temp\Checkupdate.exe
C:\Users\Vu\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjybcua.dll
C:\Users\Vu\AppData\Local\temp\Foxit Reader Updater.exe
C:\Users\Vu\AppData\Local\temp\gcapi_dll.dll
C:\Users\Vu\AppData\Local\temp\gtapi_signed.dll
C:\Users\Vu\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Vu\AppData\Local\temp\Quarantine.exe
C:\Users\Vu\AppData\Local\temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 16:43

==================== End Of Log ============================
         
--- --- ---


Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01
Ran by Vu at 2014-07-08 16:33:38 Run:1
Running from C:\Users\Vu\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Vu\Downloads\vlc-2.0.2-win64.exe
C:\Users\Vu\Downloads\free-download-cardrecovery-v610-build.exe
C:\$RECYCLE.BIN\S-1-5-21-3123995978-3804113960-3980782490-1000\$RZZ19ST.7z
*****************

C:\Users\Vu\Downloads\vlc-2.0.2-win64.exe => Moved successfully.
C:\Users\Vu\Downloads\free-download-cardrecovery-v610-build.exe => Moved successfully.
"C:\$RECYCLE.BIN\S-1-5-21-3123995978-3804113960-3980782490-1000\$RZZ19ST.7z" => File/Directory not found.

==== End of Fixlog ====
         
Kind regards,
boreal

09.07.2014, 11:41   #2
Warlord711
/// TB Trainer

Malwarebytes finds PUP.Optional



I overlooked something:

Step 1

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step 2

Reset Chrome settings

Please follow these instructions and reset the browser settings for Chrome

Step 3

Start FRST once more.
  • Do not change any of the default settings and press Scan.
  • When the scan has finished, a new log file FRST.txt is created and saved on the desktop.
  • Please post the contents of this log file here in your thread.