Malwarebytes findet PUP.Optional

Boreal · 08.07.2014, 15:51

Tut mir Leid, war noch von der letzten LAN und habs jetzt in den Papierkorb verschoben und alles gelöscht.

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by Vu (administrator) on NB-PC on 08-07-2014 16:49:47
Running from C:\Users\Vu\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-3123995978-3804113960-3980782490-1000\...\Run: [Google Update] => C:\Users\Vu\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-24] (Google Inc.)
HKU\S-1-5-21-3123995978-3804113960-3980782490-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\hxvocyvk.default
FF Homepage: about:home
FF NetworkProxy: "autoconfig_url", "hxxp://r-1.ch/twitch.pac"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Vu\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Vu\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\hxvocyvk.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\hxvocyvk.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Ghostery - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\hxvocyvk.default\Extensions\firefox@ghostery.com.xpi [2013-08-14]
FF Extension: Adblock Plus - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\hxvocyvk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-21]
FF Extension: No Name - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\extensions [2012-08-12]
FF Extension: HTTPS-Everywhere - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2012-08-12]
FF Extension: UnPlug - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\unplug@compunach [2012-08-12]
FF Extension: JonDoFox - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593} [2012-08-12]
FF Extension: Cookie Monster - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{45d8ff86-d909-11db-9705-005056c00008} [2012-08-12]
FF Extension: NoScript - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2012-08-12]
FF Extension: ProfileSwitcher - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4} [2012-08-12]
FF Extension: Adblock Plus - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-18]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR DefaultSearchKeyword: delta-search.com
CHR DefaultSearchProvider: Delta Search
CHR DefaultSearchURL: hxxp://www2.delta-search.com/?q={searchTerms}&affID=119556&babsrc=SP_ss&mntrId=30ddaaf0000000000000a088b4b3f8a9
CHR Plugin: (Shockwave Flash) - C:\Users\Vu\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Vu\AppData\Local\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Vu\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Vu\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Google Update) - C:\Users\Vu\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Vu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-24]
CHR Extension: (Google-Suche) - C:\Users\Vu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-24]
CHR Extension: (AdBlock) - C:\Users\Vu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-07-24]
CHR Extension: (Google Wallet) - C:\Users\Vu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Google Mail) - C:\Users\Vu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR StartMenuInternet: Google Chrome - C:\Users\Vu\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-16] (Lenovo.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-21] (DT Soft Ltd)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2012-01-11] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-22] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]
S2 smihlp2; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-08 16:47 - 2014-07-08 16:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-08 16:47 - 2014-07-08 16:47 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-07-08 16:46 - 2014-07-08 16:46 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-08 16:41 - 2014-07-08 16:41 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\Oracle
2014-07-08 16:40 - 2014-07-08 16:40 - 00004442 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-07-08 16:40 - 2014-07-08 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-08 16:40 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-08 16:40 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-08 16:40 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-08 16:40 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-08 16:35 - 2014-07-08 16:49 - 00020760 _____ () C:\Users\Vu\Desktop\FRST.txt
2014-07-08 16:33 - 2014-07-08 16:33 - 00000000 ____D () C:\Users\Vu\Downloads\FRST-OlderVersion
2014-07-07 12:04 - 2014-07-07 12:04 - 35354225 _____ () C:\Users\Vu\Downloads\Spr_SozEth_SS2014_VS11_2.wma
2014-07-05 20:38 - 2014-07-05 20:38 - 04647657 _____ () C:\Users\Vu\Downloads\superuser.zip
2014-07-05 20:38 - 2014-07-05 20:38 - 01244053 _____ () C:\Users\Vu\Downloads\UPDATE-SuperSU-v2.01.zip
2014-07-05 20:36 - 2014-07-05 20:36 - 00995769 _____ () C:\Users\Vu\Downloads\Odin3_v3.09.zip
2014-07-05 20:18 - 2014-07-05 20:50 - 00000000 ____D () C:\Users\Vu\Desktop\android reset
2014-07-05 19:15 - 2014-07-05 19:42 - 603968962 _____ () C:\Users\Vu\Downloads\I9100XWLSD_I9100DBTLS7_DBT.zip
2014-07-05 15:45 - 2014-07-05 15:45 - 02347384 _____ (ESET) C:\Users\Vu\Downloads\esetsmartinstaller_deu.exe
2014-07-05 15:36 - 2014-07-05 15:36 - 01016261 _____ (Thisisu) C:\Users\Vu\Downloads\JRT.exe
2014-07-05 15:27 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-05 15:26 - 2014-07-05 15:26 - 01346519 _____ () C:\Users\Vu\Downloads\adwcleaner_3.214.exe
2014-07-04 10:46 - 2014-07-04 10:46 - 00026693 _____ () C:\Users\Vu\Downloads\Addition.txt
2014-07-04 10:44 - 2014-07-04 10:46 - 00040408 _____ () C:\Users\Vu\Downloads\FRST.txt
2014-07-04 10:43 - 2014-07-08 16:33 - 02084352 _____ (Farbar) C:\Users\Vu\Desktop\FRST64.exe
2014-07-04 10:13 - 2014-07-05 16:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-04 10:13 - 2014-07-04 10:13 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-04 10:13 - 2014-07-04 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-04 10:13 - 2014-07-04 10:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-04 10:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-04 10:13 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-03 22:15 - 2014-07-03 22:15 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-07-03 22:15 - 2014-07-03 22:15 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-07-03 22:15 - 2014-07-03 22:15 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-07-03 22:15 - 2014-07-03 22:15 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-07-03 22:15 - 2014-07-03 22:15 - 00001646 _____ () C:\Users\Public\Desktop\Hammerwatch.lnk
2014-07-03 22:15 - 2014-07-03 22:15 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-07-03 10:50 - 2014-07-03 10:50 - 00110421 _____ () C:\Users\Vu\Downloads\1185Sozialisation2.pptm
2014-06-23 22:35 - 2014-06-23 22:36 - 13661969 _____ () C:\Users\Vu\Downloads\tp-cindy-the-tail-of-two-pace-asianpornforum.com.part2.rar
2014-06-23 15:48 - 2014-06-23 15:48 - 00000000 ____D () C:\Users\Vu\Desktop\BEAST - Good Luck
2014-06-23 15:18 - 2014-06-23 15:38 - 60867279 _____ () C:\Users\Vu\Downloads\BEAST (B2ST) -  Good Luck (6th Mini Album).rar
2014-06-18 08:04 - 2014-06-18 08:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 00:11 - 2014-06-13 14:34 - 00000000 ____D () C:\Users\Vu\Desktop\Richard David Precht
2014-06-17 23:58 - 2014-06-18 00:00 - 19504354 _____ () C:\Users\Vu\Downloads\david prichard ebooks.rar
2014-06-14 16:31 - 2014-06-14 16:31 - 00000000 __SHD () C:\Users\Vu\AppData\Local\EmieUserList
2014-06-14 16:31 - 2014-06-14 16:31 - 00000000 __SHD () C:\Users\Vu\AppData\Local\EmieSiteList
2014-06-12 00:56 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 00:56 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 00:56 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 00:56 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 00:56 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 00:56 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 00:56 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 00:56 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 00:56 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 00:56 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 00:56 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 00:56 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 00:56 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 00:56 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 00:56 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 00:56 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 00:56 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 00:56 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 00:56 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 00:56 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 00:56 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 00:56 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 00:56 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 00:56 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 00:56 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 00:56 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 00:56 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 00:56 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 00:56 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 00:56 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 00:56 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 00:56 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 00:56 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 00:56 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 00:56 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 00:56 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 00:56 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 00:56 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 00:56 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 00:56 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 00:56 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 00:56 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 00:56 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 00:56 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 00:56 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 00:56 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 00:56 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 00:56 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 00:56 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 00:56 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 00:56 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 00:56 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 00:56 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 00:56 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 00:56 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 00:56 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 00:56 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 00:56 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 00:56 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 00:56 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 00:56 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-12 00:55 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 00:55 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 00:55 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 00:55 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 22:16 - 2014-07-08 16:49 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

2014-07-08 16:49 - 2014-07-08 16:35 - 00020760 _____ () C:\Users\Vu\Desktop\FRST.txt
2014-07-08 16:49 - 2014-06-11 22:16 - 00000000 ____D () C:\FRST
2014-07-08 16:47 - 2014-07-08 16:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-08 16:47 - 2014-07-08 16:47 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-07-08 16:46 - 2014-07-08 16:46 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-08 16:46 - 2013-02-25 13:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-08 16:43 - 2013-09-07 20:16 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-08 16:43 - 2012-07-31 17:45 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-08 16:42 - 2013-06-08 17:33 - 00000000 ____D () C:\Program Files (x86)\2K Games
2014-07-08 16:41 - 2014-07-08 16:41 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\Oracle
2014-07-08 16:41 - 2013-05-19 12:53 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-08 16:40 - 2014-07-08 16:40 - 00004442 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-07-08 16:40 - 2014-07-08 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-08 16:40 - 2013-10-18 02:23 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-08 16:40 - 2012-08-12 22:09 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-08 16:40 - 2012-07-24 21:28 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3123995978-3804113960-3980782490-1000UA.job
2014-07-08 16:36 - 2014-02-02 20:20 - 00918952 _____ (Oracle Corporation) C:\Users\Vu\Downloads\jxpiinstall.exe
2014-07-08 16:33 - 2014-07-08 16:33 - 00000000 ____D () C:\Users\Vu\Downloads\FRST-OlderVersion
2014-07-08 16:33 - 2014-07-04 10:43 - 02084352 _____ (Farbar) C:\Users\Vu\Desktop\FRST64.exe
2014-07-08 16:20 - 2009-07-14 06:45 - 00014448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-08 16:20 - 2009-07-14 06:45 - 00014448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-08 16:16 - 2012-07-21 16:52 - 01831569 _____ () C:\Windows\WindowsUpdate.log
2014-07-08 16:13 - 2013-05-19 12:53 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-08 16:12 - 2013-07-05 11:18 - 00062195 _____ () C:\Windows\setupact.log
2014-07-08 16:12 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-08 03:01 - 2012-07-21 22:18 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\Skype
2014-07-07 22:40 - 2012-07-24 21:28 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3123995978-3804113960-3980782490-1000Core.job
2014-07-07 12:04 - 2014-07-07 12:04 - 35354225 _____ () C:\Users\Vu\Downloads\Spr_SozEth_SS2014_VS11_2.wma
2014-07-06 12:16 - 2013-08-17 07:27 - 00038574 _____ () C:\Windows\PFRO.log
2014-07-05 20:50 - 2014-07-05 20:18 - 00000000 ____D () C:\Users\Vu\Desktop\android reset
2014-07-05 20:38 - 2014-07-05 20:38 - 04647657 _____ () C:\Users\Vu\Downloads\superuser.zip
2014-07-05 20:38 - 2014-07-05 20:38 - 01244053 _____ () C:\Users\Vu\Downloads\UPDATE-SuperSU-v2.01.zip
2014-07-05 20:38 - 2013-10-12 13:27 - 01587023 _____ () C:\Users\Vu\Downloads\CWM.zip
2014-07-05 20:36 - 2014-07-05 20:36 - 00995769 _____ () C:\Users\Vu\Downloads\Odin3_v3.09.zip
2014-07-05 20:31 - 2012-09-23 16:52 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\vlc
2014-07-05 20:26 - 2013-10-12 13:58 - 00147841 _____ () C:\Users\Vu\Downloads\mecss_Fullwipe_Script_v1.3_mit-with_SDCard.zip
2014-07-05 19:42 - 2014-07-05 19:15 - 603968962 _____ () C:\Users\Vu\Downloads\I9100XWLSD_I9100DBTLS7_DBT.zip
2014-07-05 16:41 - 2014-07-04 10:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-05 15:45 - 2014-07-05 15:45 - 02347384 _____ (ESET) C:\Users\Vu\Downloads\esetsmartinstaller_deu.exe
2014-07-05 15:36 - 2014-07-05 15:36 - 01016261 _____ (Thisisu) C:\Users\Vu\Downloads\JRT.exe
2014-07-05 15:28 - 2013-09-09 13:25 - 00000000 ____D () C:\AdwCleaner
2014-07-05 15:26 - 2014-07-05 15:26 - 01346519 _____ () C:\Users\Vu\Downloads\adwcleaner_3.214.exe
2014-07-04 10:46 - 2014-07-04 10:46 - 00026693 _____ () C:\Users\Vu\Downloads\Addition.txt
2014-07-04 10:46 - 2014-07-04 10:44 - 00040408 _____ () C:\Users\Vu\Downloads\FRST.txt
2014-07-04 10:13 - 2014-07-04 10:13 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-04 10:13 - 2014-07-04 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-04 10:13 - 2014-07-04 10:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-04 10:13 - 2012-07-21 22:35 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\Malwarebytes
2014-07-04 10:13 - 2012-07-21 22:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 22:15 - 2014-07-03 22:15 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-07-03 22:15 - 2014-07-03 22:15 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-07-03 22:15 - 2014-07-03 22:15 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-07-03 22:15 - 2014-07-03 22:15 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-07-03 22:15 - 2014-07-03 22:15 - 00001646 _____ () C:\Users\Public\Desktop\Hammerwatch.lnk
2014-07-03 22:15 - 2014-07-03 22:15 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-07-03 22:15 - 2013-11-03 03:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-07-03 22:15 - 2013-11-03 03:09 - 00000000 ____D () C:\GOG Games
2014-07-03 22:15 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-03 10:50 - 2014-07-03 10:50 - 00110421 _____ () C:\Users\Vu\Downloads\1185Sozialisation2.pptm
2014-07-01 09:58 - 2009-07-14 19:58 - 00698926 _____ () C:\Windows\system32\perfh007.dat
2014-07-01 09:58 - 2009-07-14 19:58 - 00149034 _____ () C:\Windows\system32\perfc007.dat
2014-07-01 09:58 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-30 11:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-23 22:49 - 2013-07-26 17:44 - 00000000 ____D () C:\Users\Vu\AppData\Local\Facebook
2014-06-23 22:36 - 2014-06-23 22:35 - 13661969 _____ () C:\Users\Vu\Downloads\tp-cindy-the-tail-of-two-pace-asianpornforum.com.part2.rar
2014-06-23 21:40 - 2013-04-07 09:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
2014-06-23 21:15 - 2012-11-05 08:29 - 00000000 ___RD () C:\Users\Vu\Dropbox
2014-06-23 21:15 - 2012-11-05 08:27 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\Dropbox
2014-06-23 15:48 - 2014-06-23 15:48 - 00000000 ____D () C:\Users\Vu\Desktop\BEAST - Good Luck
2014-06-23 15:38 - 2014-06-23 15:18 - 60867279 _____ () C:\Users\Vu\Downloads\BEAST (B2ST) -  Good Luck (6th Mini Album).rar
2014-06-23 15:37 - 2014-06-04 19:06 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\DropboxMaster
2014-06-20 18:36 - 2013-05-19 12:53 - 00004098 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-20 18:36 - 2013-05-19 12:53 - 00003846 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 11:45 - 2013-09-07 19:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 08:05 - 2014-06-18 08:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 00:13 - 2013-09-03 18:10 - 00000000 ____D () C:\Users\Vu\Documents\Calibre-Bibliothek
2014-06-18 00:00 - 2014-06-17 23:58 - 19504354 _____ () C:\Users\Vu\Downloads\david prichard ebooks.rar
2014-06-17 22:35 - 2012-07-24 21:28 - 00004072 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3123995978-3804113960-3980782490-1000UA
2014-06-17 22:35 - 2012-07-24 21:28 - 00003676 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3123995978-3804113960-3980782490-1000Core
2014-06-16 20:56 - 2014-01-16 17:02 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-16 20:31 - 2012-07-21 22:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-16 10:11 - 2012-07-21 22:29 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-16 10:11 - 2012-07-21 22:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-16 10:11 - 2012-07-21 22:29 - 00003824 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-14 16:31 - 2014-06-14 16:31 - 00000000 __SHD () C:\Users\Vu\AppData\Local\EmieUserList
2014-06-14 16:31 - 2014-06-14 16:31 - 00000000 __SHD () C:\Users\Vu\AppData\Local\EmieSiteList
2014-06-13 15:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-13 14:34 - 2014-06-18 00:11 - 00000000 ____D () C:\Users\Vu\Desktop\Richard David Precht
2014-06-12 02:17 - 2013-08-14 10:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 02:15 - 2012-07-21 20:33 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-10 09:30 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\ProgramData\JonDoSetup.paf.exe
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT


Some content of TEMP:
====================
C:\Users\Vu\AppData\Local\temp\avgnt.exe
C:\Users\Vu\AppData\Local\temp\Checkupdate.exe
C:\Users\Vu\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjybcua.dll
C:\Users\Vu\AppData\Local\temp\Foxit Reader Updater.exe
C:\Users\Vu\AppData\Local\temp\gcapi_dll.dll
C:\Users\Vu\AppData\Local\temp\gtapi_signed.dll
C:\Users\Vu\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Vu\AppData\Local\temp\Quarantine.exe
C:\Users\Vu\AppData\Local\temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 16:43

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01
Ran by Vu at 2014-07-08 16:33:38 Run:1
Running from C:\Users\Vu\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Vu\Downloads\vlc-2.0.2-win64.exe
C:\Users\Vu\Downloads\free-download-cardrecovery-v610-build.exe
C:\$RECYCLE.BIN\S-1-5-21-3123995978-3804113960-3980782490-1000\$RZZ19ST.7z
*****************

C:\Users\Vu\Downloads\vlc-2.0.2-win64.exe => Moved successfully.
C:\Users\Vu\Downloads\free-download-cardrecovery-v610-build.exe => Moved successfully.
"C:\$RECYCLE.BIN\S-1-5-21-3123995978-3804113960-3980782490-1000\$RZZ19ST.7z" => File/Directory not found.

==== End of Fixlog ====

Mfg,
boreal

Malwarebytes findet PUP.Optional

Plagegeister aller Art und deren Bekämpfung: Malwarebytes findet PUP.Optional

Malwarebytes findet PUP.Optional

Ähnliche Themen: Malwarebytes findet PUP.Optional