![]() |
|
Plagegeister aller Art und deren Bekämpfung: Malwarebytes findet PUP.OptionalWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() |
|
![]() | #1 |
![]() ![]() | ![]() Malwarebytes findet PUP.Optional Tut mir Leid, war noch von der letzten LAN und habs jetzt in den Papierkorb verschoben und alles gelöscht. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01 Ran by Vu (administrator) on NB-PC on 08-07-2014 16:49:47 Running from C:\Users\Vu\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) HKU\S-1-5-21-3123995978-3804113960-3980782490-1000\...\Run: [Google Update] => C:\Users\Vu\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-24] (Google Inc.) HKU\S-1-5-21-3123995978-3804113960-3980782490-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd) Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - DefaultScope value is missing. BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2 FireFox: ======== FF ProfilePath: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\hxvocyvk.default FF Homepage: about:home FF NetworkProxy: "autoconfig_url", "hxxp://r-1.ch/twitch.pac" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Vu\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Vu\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\hxvocyvk.default\searchplugins\duckduckgo.xml FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml FF SearchPlugin: C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: WOT - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\hxvocyvk.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26] FF Extension: Ghostery - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\hxvocyvk.default\Extensions\firefox@ghostery.com.xpi [2013-08-14] FF Extension: Adblock Plus - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\hxvocyvk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-21] FF Extension: No Name - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\extensions [2012-08-12] FF Extension: HTTPS-Everywhere - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2012-08-12] FF Extension: UnPlug - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\unplug@compunach [2012-08-12] FF Extension: JonDoFox - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593} [2012-08-12] FF Extension: Cookie Monster - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{45d8ff86-d909-11db-9705-005056c00008} [2012-08-12] FF Extension: NoScript - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2012-08-12] FF Extension: ProfileSwitcher - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4} [2012-08-12] FF Extension: Adblock Plus - C:\Users\Vu\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-17] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-18] Chrome: ======= CHR HomePage: hxxp://www.google.com CHR StartupUrls: "hxxp://www.google.com" CHR DefaultSearchKeyword: delta-search.com CHR DefaultSearchProvider: Delta Search CHR DefaultSearchURL: hxxp://www2.delta-search.com/?q={searchTerms}&affID=119556&babsrc=SP_ss&mntrId=30ddaaf0000000000000a088b4b3f8a9 CHR Plugin: (Shockwave Flash) - C:\Users\Vu\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\Vu\AppData\Local\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Vu\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Vu\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll No File CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (Google Update) - C:\Users\Vu\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Extension: (YouTube) - C:\Users\Vu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-24] CHR Extension: (Google-Suche) - C:\Users\Vu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-24] CHR Extension: (AdBlock) - C:\Users\Vu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-07-24] CHR Extension: (Google Wallet) - C:\Users\Vu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24] CHR Extension: (Google Mail) - C:\Users\Vu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-24] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11] CHR StartMenuInternet: Google Chrome - C:\Users\Vu\AppData\Local\Google\Chrome\Application\chrome.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-16] (Lenovo.) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] () R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-21] (DT Soft Ltd) R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2012-01-11] (ManyCam LLC) R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-22] (ManyCam LLC) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X] S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X] S2 smihlp2; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-08 16:47 - 2014-07-08 16:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-07-08 16:47 - 2014-07-08 16:47 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-07-08 16:46 - 2014-07-08 16:46 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-07-08 16:41 - 2014-07-08 16:41 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\Oracle 2014-07-08 16:40 - 2014-07-08 16:40 - 00004442 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log 2014-07-08 16:40 - 2014-07-08 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-08 16:40 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-08 16:40 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-08 16:40 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-08 16:40 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-07-08 16:35 - 2014-07-08 16:49 - 00020760 _____ () C:\Users\Vu\Desktop\FRST.txt 2014-07-08 16:33 - 2014-07-08 16:33 - 00000000 ____D () C:\Users\Vu\Downloads\FRST-OlderVersion 2014-07-07 12:04 - 2014-07-07 12:04 - 35354225 _____ () C:\Users\Vu\Downloads\Spr_SozEth_SS2014_VS11_2.wma 2014-07-05 20:38 - 2014-07-05 20:38 - 04647657 _____ () C:\Users\Vu\Downloads\superuser.zip 2014-07-05 20:38 - 2014-07-05 20:38 - 01244053 _____ () C:\Users\Vu\Downloads\UPDATE-SuperSU-v2.01.zip 2014-07-05 20:36 - 2014-07-05 20:36 - 00995769 _____ () C:\Users\Vu\Downloads\Odin3_v3.09.zip 2014-07-05 20:18 - 2014-07-05 20:50 - 00000000 ____D () C:\Users\Vu\Desktop\android reset 2014-07-05 19:15 - 2014-07-05 19:42 - 603968962 _____ () C:\Users\Vu\Downloads\I9100XWLSD_I9100DBTLS7_DBT.zip 2014-07-05 15:45 - 2014-07-05 15:45 - 02347384 _____ (ESET) C:\Users\Vu\Downloads\esetsmartinstaller_deu.exe 2014-07-05 15:36 - 2014-07-05 15:36 - 01016261 _____ (Thisisu) C:\Users\Vu\Downloads\JRT.exe 2014-07-05 15:27 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-07-05 15:26 - 2014-07-05 15:26 - 01346519 _____ () C:\Users\Vu\Downloads\adwcleaner_3.214.exe 2014-07-04 10:46 - 2014-07-04 10:46 - 00026693 _____ () C:\Users\Vu\Downloads\Addition.txt 2014-07-04 10:44 - 2014-07-04 10:46 - 00040408 _____ () C:\Users\Vu\Downloads\FRST.txt 2014-07-04 10:43 - 2014-07-08 16:33 - 02084352 _____ (Farbar) C:\Users\Vu\Desktop\FRST64.exe 2014-07-04 10:13 - 2014-07-05 16:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-04 10:13 - 2014-07-04 10:13 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-04 10:13 - 2014-07-04 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-04 10:13 - 2014-07-04 10:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-04 10:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-04 10:13 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-03 22:15 - 2014-07-03 22:15 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll 2014-07-03 22:15 - 2014-07-03 22:15 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll 2014-07-03 22:15 - 2014-07-03 22:15 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll 2014-07-03 22:15 - 2014-07-03 22:15 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll 2014-07-03 22:15 - 2014-07-03 22:15 - 00001646 _____ () C:\Users\Public\Desktop\Hammerwatch.lnk 2014-07-03 22:15 - 2014-07-03 22:15 - 00000000 ____D () C:\Program Files (x86)\OpenAL 2014-07-03 10:50 - 2014-07-03 10:50 - 00110421 _____ () C:\Users\Vu\Downloads\1185Sozialisation2.pptm 2014-06-23 22:35 - 2014-06-23 22:36 - 13661969 _____ () C:\Users\Vu\Downloads\tp-cindy-the-tail-of-two-pace-asianpornforum.com.part2.rar 2014-06-23 15:48 - 2014-06-23 15:48 - 00000000 ____D () C:\Users\Vu\Desktop\BEAST - Good Luck 2014-06-23 15:18 - 2014-06-23 15:38 - 60867279 _____ () C:\Users\Vu\Downloads\BEAST (B2ST) - Good Luck (6th Mini Album).rar 2014-06-18 08:04 - 2014-06-18 08:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-18 00:11 - 2014-06-13 14:34 - 00000000 ____D () C:\Users\Vu\Desktop\Richard David Precht 2014-06-17 23:58 - 2014-06-18 00:00 - 19504354 _____ () C:\Users\Vu\Downloads\david prichard ebooks.rar 2014-06-14 16:31 - 2014-06-14 16:31 - 00000000 __SHD () C:\Users\Vu\AppData\Local\EmieUserList 2014-06-14 16:31 - 2014-06-14 16:31 - 00000000 __SHD () C:\Users\Vu\AppData\Local\EmieSiteList 2014-06-12 00:56 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-12 00:56 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-12 00:56 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-12 00:56 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-12 00:56 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-12 00:56 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-12 00:56 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-12 00:56 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-12 00:56 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-12 00:56 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-12 00:56 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-12 00:56 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-12 00:56 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-12 00:56 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-12 00:56 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-12 00:56 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-12 00:56 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-12 00:56 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-12 00:56 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-12 00:56 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-12 00:56 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-12 00:56 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-12 00:56 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-12 00:56 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-12 00:56 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-12 00:56 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-12 00:56 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-12 00:56 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-12 00:56 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-12 00:56 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-12 00:56 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-12 00:56 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-12 00:56 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-12 00:56 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-12 00:56 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-12 00:56 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-12 00:56 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-12 00:56 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-12 00:56 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-12 00:56 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-12 00:56 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-12 00:56 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-12 00:56 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-12 00:56 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-12 00:56 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-12 00:56 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-12 00:56 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-12 00:56 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-12 00:56 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-12 00:56 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-12 00:56 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-12 00:56 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-12 00:56 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-12 00:56 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-12 00:56 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-12 00:56 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-12 00:56 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-12 00:56 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-12 00:56 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-06-12 00:56 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-06-12 00:56 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-06-12 00:55 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-12 00:55 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-12 00:55 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-12 00:55 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-11 22:16 - 2014-07-08 16:49 - 00000000 ____D () C:\FRST ==================== One Month Modified Files and Folders ======= 2014-07-08 16:49 - 2014-07-08 16:35 - 00020760 _____ () C:\Users\Vu\Desktop\FRST.txt 2014-07-08 16:49 - 2014-06-11 22:16 - 00000000 ____D () C:\FRST 2014-07-08 16:47 - 2014-07-08 16:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-07-08 16:47 - 2014-07-08 16:47 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-07-08 16:46 - 2014-07-08 16:46 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-07-08 16:46 - 2013-02-25 13:08 - 00000000 ____D () C:\ProgramData\Adobe 2014-07-08 16:43 - 2013-09-07 20:16 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-07-08 16:43 - 2012-07-31 17:45 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-07-08 16:42 - 2013-06-08 17:33 - 00000000 ____D () C:\Program Files (x86)\2K Games 2014-07-08 16:41 - 2014-07-08 16:41 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\Oracle 2014-07-08 16:41 - 2013-05-19 12:53 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-08 16:40 - 2014-07-08 16:40 - 00004442 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log 2014-07-08 16:40 - 2014-07-08 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-08 16:40 - 2013-10-18 02:23 - 00000000 ____D () C:\ProgramData\Oracle 2014-07-08 16:40 - 2012-08-12 22:09 - 00000000 ____D () C:\Program Files (x86)\Java 2014-07-08 16:40 - 2012-07-24 21:28 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3123995978-3804113960-3980782490-1000UA.job 2014-07-08 16:36 - 2014-02-02 20:20 - 00918952 _____ (Oracle Corporation) C:\Users\Vu\Downloads\jxpiinstall.exe 2014-07-08 16:33 - 2014-07-08 16:33 - 00000000 ____D () C:\Users\Vu\Downloads\FRST-OlderVersion 2014-07-08 16:33 - 2014-07-04 10:43 - 02084352 _____ (Farbar) C:\Users\Vu\Desktop\FRST64.exe 2014-07-08 16:20 - 2009-07-14 06:45 - 00014448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-08 16:20 - 2009-07-14 06:45 - 00014448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-08 16:16 - 2012-07-21 16:52 - 01831569 _____ () C:\Windows\WindowsUpdate.log 2014-07-08 16:13 - 2013-05-19 12:53 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-08 16:12 - 2013-07-05 11:18 - 00062195 _____ () C:\Windows\setupact.log 2014-07-08 16:12 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-08 03:01 - 2012-07-21 22:18 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\Skype 2014-07-07 22:40 - 2012-07-24 21:28 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3123995978-3804113960-3980782490-1000Core.job 2014-07-07 12:04 - 2014-07-07 12:04 - 35354225 _____ () C:\Users\Vu\Downloads\Spr_SozEth_SS2014_VS11_2.wma 2014-07-06 12:16 - 2013-08-17 07:27 - 00038574 _____ () C:\Windows\PFRO.log 2014-07-05 20:50 - 2014-07-05 20:18 - 00000000 ____D () C:\Users\Vu\Desktop\android reset 2014-07-05 20:38 - 2014-07-05 20:38 - 04647657 _____ () C:\Users\Vu\Downloads\superuser.zip 2014-07-05 20:38 - 2014-07-05 20:38 - 01244053 _____ () C:\Users\Vu\Downloads\UPDATE-SuperSU-v2.01.zip 2014-07-05 20:38 - 2013-10-12 13:27 - 01587023 _____ () C:\Users\Vu\Downloads\CWM.zip 2014-07-05 20:36 - 2014-07-05 20:36 - 00995769 _____ () C:\Users\Vu\Downloads\Odin3_v3.09.zip 2014-07-05 20:31 - 2012-09-23 16:52 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\vlc 2014-07-05 20:26 - 2013-10-12 13:58 - 00147841 _____ () C:\Users\Vu\Downloads\mecss_Fullwipe_Script_v1.3_mit-with_SDCard.zip 2014-07-05 19:42 - 2014-07-05 19:15 - 603968962 _____ () C:\Users\Vu\Downloads\I9100XWLSD_I9100DBTLS7_DBT.zip 2014-07-05 16:41 - 2014-07-04 10:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-05 15:45 - 2014-07-05 15:45 - 02347384 _____ (ESET) C:\Users\Vu\Downloads\esetsmartinstaller_deu.exe 2014-07-05 15:36 - 2014-07-05 15:36 - 01016261 _____ (Thisisu) C:\Users\Vu\Downloads\JRT.exe 2014-07-05 15:28 - 2013-09-09 13:25 - 00000000 ____D () C:\AdwCleaner 2014-07-05 15:26 - 2014-07-05 15:26 - 01346519 _____ () C:\Users\Vu\Downloads\adwcleaner_3.214.exe 2014-07-04 10:46 - 2014-07-04 10:46 - 00026693 _____ () C:\Users\Vu\Downloads\Addition.txt 2014-07-04 10:46 - 2014-07-04 10:44 - 00040408 _____ () C:\Users\Vu\Downloads\FRST.txt 2014-07-04 10:13 - 2014-07-04 10:13 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-04 10:13 - 2014-07-04 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-04 10:13 - 2014-07-04 10:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-04 10:13 - 2012-07-21 22:35 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\Malwarebytes 2014-07-04 10:13 - 2012-07-21 22:35 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-03 22:15 - 2014-07-03 22:15 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll 2014-07-03 22:15 - 2014-07-03 22:15 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll 2014-07-03 22:15 - 2014-07-03 22:15 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll 2014-07-03 22:15 - 2014-07-03 22:15 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll 2014-07-03 22:15 - 2014-07-03 22:15 - 00001646 _____ () C:\Users\Public\Desktop\Hammerwatch.lnk 2014-07-03 22:15 - 2014-07-03 22:15 - 00000000 ____D () C:\Program Files (x86)\OpenAL 2014-07-03 22:15 - 2013-11-03 03:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com 2014-07-03 22:15 - 2013-11-03 03:09 - 00000000 ____D () C:\GOG Games 2014-07-03 22:15 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-07-03 10:50 - 2014-07-03 10:50 - 00110421 _____ () C:\Users\Vu\Downloads\1185Sozialisation2.pptm 2014-07-01 09:58 - 2009-07-14 19:58 - 00698926 _____ () C:\Windows\system32\perfh007.dat 2014-07-01 09:58 - 2009-07-14 19:58 - 00149034 _____ () C:\Windows\system32\perfc007.dat 2014-07-01 09:58 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-30 11:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-06-23 22:49 - 2013-07-26 17:44 - 00000000 ____D () C:\Users\Vu\AppData\Local\Facebook 2014-06-23 22:36 - 2014-06-23 22:35 - 13661969 _____ () C:\Users\Vu\Downloads\tp-cindy-the-tail-of-two-pace-asianpornforum.com.part2.rar 2014-06-23 21:40 - 2013-04-07 09:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games 2014-06-23 21:15 - 2012-11-05 08:29 - 00000000 ___RD () C:\Users\Vu\Dropbox 2014-06-23 21:15 - 2012-11-05 08:27 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\Dropbox 2014-06-23 15:48 - 2014-06-23 15:48 - 00000000 ____D () C:\Users\Vu\Desktop\BEAST - Good Luck 2014-06-23 15:38 - 2014-06-23 15:18 - 60867279 _____ () C:\Users\Vu\Downloads\BEAST (B2ST) - Good Luck (6th Mini Album).rar 2014-06-23 15:37 - 2014-06-04 19:06 - 00000000 ____D () C:\Users\Vu\AppData\Roaming\DropboxMaster 2014-06-20 18:36 - 2013-05-19 12:53 - 00004098 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-20 18:36 - 2013-05-19 12:53 - 00003846 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-19 11:45 - 2013-09-07 19:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-18 08:05 - 2014-06-18 08:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-18 00:13 - 2013-09-03 18:10 - 00000000 ____D () C:\Users\Vu\Documents\Calibre-Bibliothek 2014-06-18 00:00 - 2014-06-17 23:58 - 19504354 _____ () C:\Users\Vu\Downloads\david prichard ebooks.rar 2014-06-17 22:35 - 2012-07-24 21:28 - 00004072 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3123995978-3804113960-3980782490-1000UA 2014-06-17 22:35 - 2012-07-24 21:28 - 00003676 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3123995978-3804113960-3980782490-1000Core 2014-06-16 20:56 - 2014-01-16 17:02 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-06-16 20:31 - 2012-07-21 22:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-16 10:11 - 2012-07-21 22:29 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-06-16 10:11 - 2012-07-21 22:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-16 10:11 - 2012-07-21 22:29 - 00003824 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-06-14 16:31 - 2014-06-14 16:31 - 00000000 __SHD () C:\Users\Vu\AppData\Local\EmieUserList 2014-06-14 16:31 - 2014-06-14 16:31 - 00000000 __SHD () C:\Users\Vu\AppData\Local\EmieSiteList 2014-06-13 15:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-06-13 14:34 - 2014-06-18 00:11 - 00000000 ____D () C:\Users\Vu\Desktop\Richard David Precht 2014-06-12 02:17 - 2013-08-14 10:45 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-12 02:15 - 2012-07-21 20:33 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-10 09:30 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT Files to move or delete: ==================== C:\ProgramData\JonDoSetup.paf.exe C:\ProgramData\PKP_DLes.DAT C:\ProgramData\PKP_DLet.DAT C:\ProgramData\PKP_DLev.DAT Some content of TEMP: ==================== C:\Users\Vu\AppData\Local\temp\avgnt.exe C:\Users\Vu\AppData\Local\temp\Checkupdate.exe C:\Users\Vu\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjybcua.dll C:\Users\Vu\AppData\Local\temp\Foxit Reader Updater.exe C:\Users\Vu\AppData\Local\temp\gcapi_dll.dll C:\Users\Vu\AppData\Local\temp\gtapi_signed.dll C:\Users\Vu\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe C:\Users\Vu\AppData\Local\temp\Quarantine.exe C:\Users\Vu\AppData\Local\temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-28 16:43 ==================== End Of Log ============================ Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01 Ran by Vu at 2014-07-08 16:33:38 Run:1 Running from C:\Users\Vu\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Users\Vu\Downloads\vlc-2.0.2-win64.exe C:\Users\Vu\Downloads\free-download-cardrecovery-v610-build.exe C:\$RECYCLE.BIN\S-1-5-21-3123995978-3804113960-3980782490-1000\$RZZ19ST.7z ***************** C:\Users\Vu\Downloads\vlc-2.0.2-win64.exe => Moved successfully. C:\Users\Vu\Downloads\free-download-cardrecovery-v610-build.exe => Moved successfully. "C:\$RECYCLE.BIN\S-1-5-21-3123995978-3804113960-3980782490-1000\$RZZ19ST.7z" => File/Directory not found. ==== End of Fixlog ==== boreal |
![]() | #2 |
/// TB-Ausbilder ![]() ![]() ![]() | ![]() Malwarebytes findet PUP.Optional Hab was übersehen:
__________________Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Chrome Einstellung zurücksetzen Bitte folge dieser Anleitung und setze die Browsereinstellung für Chrome zurück Schritt 3 Starte noch einmal FRST.
|
![]() |
Themen zu Malwarebytes findet PUP.Optional |
android/leadbolt.e, bildschirm, bluestacks, combofix, desktop, festplatte, firefox, flash player, homepage, iexplore.exe, office 365, programm, pup.optional.delta.a, pwmtr64v.dll, schutz, services.exe, software, svchost.exe, win32/downware.l, win32/packed.vmprotect.abd, win32/startpage.oph, win32/toolbar.montiera.a, win32/toolbar.montiera.b, win32/toolbar.montiera.j, windows |