PUP.Optional.Bandoo.A keeps coming back
Hello,
unfortunately I have caught PUP.Optional.Bandoo.A.
Probably during a Java update, but I'm not sure.
Malwarebytes' Anti-Malware finds it every time and apparently removes it too, but after restarting the laptop it is back again every time.
Yesterday evening I created log files following your instructions.
FRST.txt Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-02-2014
Ran by ******* (administrator) on ******* on 06-02-2014 21:24:33
Running from C:\Users\*******\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Realtek\Realtek WHCI\RunAppSvc.exe
(TeamViewer GmbH) D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\Realtek\Realtek WHCI\UWBMg.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpServer.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
() C:\Program Files (x86)\Hotkey Utility\tray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\taskmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [CSRBIP] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe [419704 2009-08-20] (CSR, plc)
HKLM\...\Run: [CSRFTP] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpServer.exe [463216 2009-08-20] (CSR, plc)
HKLM\...\Run: [ConMgr] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535392 2009-08-20] (CSR, plc)
HKLM\...\Run: [CSRSkype] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431456 2009-08-20] (CSR, plc)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [265216 2008-04-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [FIC HotKey] - C:\Program Files (x86)\Hotkey Utility\tray.exe [1049088 2009-08-20] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll => File Not Found
AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll => File Not Found
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\taskmgr.exe (Microsoft Corporation)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Versuch Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSA&bmod=EU01
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.ts.fujitsu.com/index2
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ts.fujitsu.com/index2
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3320691&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPDF169DF6-BF5D-4663-B795-9994130D6ED3&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3320691&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPDF169DF6-BF5D-4663-B795-9994130D6ED3&q={searchTerms}&SSPV=
SearchScopes: HKCU - {6C650BB5-8D71-4B1D-B152-B6EB9C51BD6D} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=CF785C5E-D783-45CE-A257-4DA6A794BC7E&apn_sauid=4AFE317C-5377-4BB7-BFD4-8A0A7B25F5EA
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
BHO: No Name - {9D717F81-9148-4f12-8568-69135F087DB0} - No File
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - D:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @innoplus.de/ino3DViewer - D:\Program Files\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin-x32: @innoplus.de/inoPanoViewer - D:\Program Files\innoPlus\Rundum-Betrachter-innoPlus\npirsviewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Microsoft Choice Guard - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\ChoiceGuard@Microsoft [2012-06-09]
FF Extension: German Dictionary - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-10-13]
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\de_DE@dicts.j3e.de [2013-09-14]
FF Extension: FRITZ!Box AddOn - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\fb_add_on@avm.de [2013-04-12]
FF Extension: Cooliris - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\piclens@cooliris.com [2012-02-09]
FF Extension: Search Results Toolbar - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\{94366e2c-9923-431c-b0d6-747447dd0f2b} [2012-03-06]
FF Extension: Password Exporter - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010-01-19]
FF Extension: DownloadHelper - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-26]
FF Extension: Personas Plus - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\personas@christopher.beard.xpi [2013-03-02]
FF Extension: ImTranslator - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-03-24]
FF Extension: FoxTab - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2012-02-21]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe
Chrome:
=======
==================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-15] (Adobe Systems)
S3 AdobeActiveFileMonitor8.0; D:\Program Files\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-06] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
S4 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [69120 2010-12-18] (Autodesk, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-16] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [271760 2009-04-27] ()
R2 RunAppSvc; C:\Program Files (x86)\Realtek\Realtek WHCI\RunAppSvc.exe [65536 2009-04-08] ()
S3 SamsungAllShareV2.0; D:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2011-12-16] (Samsung Electronics Co., Ltd.)
S3 SimpleSlideShowServer; D:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [27584 2011-12-16] (Samsung Electronics Co., Ltd.)
R2 TeamViewer8; D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [3467768 2012-12-14] (TeamViewer GmbH)
R2 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248704 2012-09-01] ()
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145792 2009-08-20] (CSR, plc)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3379440 2013-04-16] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R0 DiskSec; C:\Windows\System32\Drivers\DiskSec.sys [27616 2009-09-23] (MAGIX)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2013-04-25] (Siemens Home and Office Communication Devices GmbH & Co. KG)
S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [66704 2013-09-09] (Fuzhou Rockchip Electronics Co,Ltd.)
R3 UPCDRV; C:\Windows\System32\DRIVERS\UPCDRV.sys [12800 2009-07-29] (First International Computer, Inc.)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2009-09-01] (CyberLink Corp.)
S3 BthAvrcp; system32\DRIVERS\BthAvrcp.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-06 21:24 - 2014-02-06 21:24 - 00018560 _____ () C:\Users\*******\Desktop\FRST.txt
2014-02-06 21:24 - 2014-02-06 21:24 - 00000000 ____D () C:\Users\*******\Desktop\FRST-OlderVersion
2014-02-06 20:53 - 2014-02-06 20:53 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\*******\Downloads\SpyHunter-Installer.exe
2014-02-06 20:19 - 2014-02-06 20:19 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-02-06 20:17 - 2014-02-06 20:17 - 13697720 _____ (Microsoft Corporation) C:\Users\*******\Downloads\mseinstall.exe
2014-02-06 20:09 - 2014-02-06 20:24 - 00034506 _____ () C:\Users\*******\Downloads\Addition.txt
2014-02-06 20:08 - 2014-02-06 20:24 - 00032226 _____ () C:\Users\*******\Downloads\FRST.txt
2014-02-06 20:07 - 2014-02-06 21:24 - 00000000 ____D () C:\FRST
2014-02-06 20:05 - 2014-02-06 21:24 - 02079744 _____ (Farbar) C:\Users\*******\Desktop\FRST64.exe
2014-02-06 19:57 - 2014-02-06 21:09 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-02-06 19:57 - 2014-02-06 19:57 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Nico Mak Computing
2014-02-06 19:55 - 2014-02-06 19:55 - 04892480 _____ (WinZip International LLC ) C:\Users\*******\Downloads\wzmp_8.exe
2014-02-05 22:33 - 2014-02-05 22:33 - 00329609 _____ () C:\Users\*******\Desktop\bookmarks-2014-02-05.json
2014-02-05 22:23 - 2014-02-06 19:08 - 00000112 _____ () C:\Windows\setupact.log
2014-02-05 22:23 - 2014-02-05 22:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-05 20:33 - 2014-02-05 20:33 - 01431792 _____ (iMesh Inc) C:\Users\*******\Downloads\iMeshSetup-r1487-w-bf.exe
2014-02-05 20:05 - 2014-02-05 20:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-02 12:00 - 2014-02-03 20:15 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-02-02 12:00 - 2014-02-02 12:03 - 00000000 ____D () C:\Users\*******\AppData\Local\Lollipop
2014-02-02 12:00 - 2014-02-02 12:00 - 00000000 ____D () C:\Users\*******\AppData\Roaming\SpeedyPC Software
2014-02-02 12:00 - 2014-02-02 12:00 - 00000000 ____D () C:\Users\*******\AppData\Roaming\DriverCure
2014-02-02 11:59 - 2014-02-02 12:03 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2014-02-02 11:59 - 2014-02-02 11:59 - 00000000 _____ () C:\END
2014-02-01 16:56 - 2014-02-01 16:56 - 00000000 ____D () C:\Users\*******\Documents\MAGIX Speed
2014-01-24 21:55 - 2014-02-06 21:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-24 21:55 - 2014-02-05 21:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-24 21:08 - 2014-01-24 21:08 - 00000000 ____D () C:\ProgramData\Gigaset QuickSync
2014-01-24 21:07 - 2014-01-24 21:07 - 00000000 ____D () C:\Users\*******\AppData\Local\Gigaset_Communications_Gm
2014-01-24 21:06 - 2014-01-24 21:06 - 00000000 ____D () C:\Program Files (x86)\Gigaset QuickSync
2014-01-24 20:50 - 2014-01-24 20:50 - 00000000 ____D () C:\Users\*******\AppData\Local\Shaw Computer
2014-01-21 18:02 - 2014-01-21 18:02 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-21 18:02 - 2014-01-21 18:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-21 18:02 - 2014-01-21 18:02 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-21 18:02 - 2014-01-21 18:02 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-21 17:58 - 2014-01-21 17:58 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-21 17:58 - 2014-01-21 17:58 - 00000000 ____D () C:\Program Files\Java
2014-01-18 14:43 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-18 14:43 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-18 14:43 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-18 14:43 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-18 14:43 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-18 14:43 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-18 14:43 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-18 14:43 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-18 14:43 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
==================== One Month Modified Files and Folders =======
2014-02-06 21:24 - 2014-02-06 21:24 - 00018560 _____ () C:\Users\*******\Desktop\FRST.txt
2014-02-06 21:24 - 2014-02-06 21:24 - 00000000 ____D () C:\Users\*******\Desktop\FRST-OlderVersion
2014-02-06 21:24 - 2014-02-06 20:07 - 00000000 ____D () C:\FRST
2014-02-06 21:24 - 2014-02-06 20:05 - 02079744 _____ (Farbar) C:\Users\*******\Desktop\FRST64.exe
2014-02-06 21:09 - 2014-02-06 19:57 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Nico Mak Computing
2014-02-06 21:09 - 2014-02-06 19:57 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-02-06 21:05 - 2014-01-24 21:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-06 21:04 - 2010-01-19 22:48 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-06 21:04 - 2010-01-19 22:48 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-06 20:53 - 2014-02-06 20:53 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\*******\Downloads\SpyHunter-Installer.exe
2014-02-06 20:24 - 2014-02-06 20:09 - 00034506 _____ () C:\Users\*******\Downloads\Addition.txt
2014-02-06 20:24 - 2014-02-06 20:08 - 00032226 _____ () C:\Users\*******\Downloads\FRST.txt
2014-02-06 20:19 - 2014-02-06 20:19 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-02-06 20:17 - 2014-02-06 20:17 - 13697720 _____ (Microsoft Corporation) C:\Users\*******\Downloads\mseinstall.exe
2014-02-06 19:57 - 2010-01-19 21:45 - 01292691 _____ () C:\Windows\WindowsUpdate.log
2014-02-06 19:55 - 2014-02-06 19:55 - 04892480 _____ (WinZip International LLC ) C:\Users\*******\Downloads\wzmp_8.exe
2014-02-06 19:16 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-06 19:16 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-06 19:09 - 2012-09-27 20:04 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-02-06 19:08 - 2014-02-05 22:23 - 00000112 _____ () C:\Windows\setupact.log
2014-02-06 19:08 - 2012-09-22 23:22 - 00000316 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-02-06 19:08 - 2010-01-19 14:26 - 00000250 _____ () C:\Windows\SysWOW64\RunAppSvc.log
2014-02-06 19:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-05 22:33 - 2014-02-05 22:33 - 00329609 _____ () C:\Users\*******\Desktop\bookmarks-2014-02-05.json
2014-02-05 22:23 - 2014-02-05 22:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-05 22:23 - 2012-04-24 20:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-05 21:05 - 2014-01-24 21:55 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 21:05 - 2012-03-31 11:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 21:05 - 2012-02-23 22:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 20:33 - 2014-02-05 20:33 - 01431792 _____ (iMesh Inc) C:\Users\*******\Downloads\iMeshSetup-r1487-w-bf.exe
2014-02-05 20:06 - 2014-02-05 20:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-05 20:04 - 2011-11-12 13:54 - 00000000 ____D () C:\Users\*******\AppData\Roaming\MyPhoneExplorer
2014-02-03 21:06 - 2010-11-01 17:40 - 00000000 ____D () C:\Users\*******\AppData\Roaming\FileZilla
2014-02-03 21:05 - 2009-08-10 12:39 - 00000000 ____D () C:\Windows\Panther
2014-02-03 20:15 - 2014-02-02 12:00 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-02-03 19:33 - 2010-02-08 00:39 - 00016384 _____ () C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-02 20:33 - 2010-01-25 14:09 - 00000000 ____D () C:\Users\*******\Documents\MAGIX_Video_deluxe_16_Premium
2014-02-02 12:03 - 2014-02-02 12:00 - 00000000 ____D () C:\Users\*******\AppData\Local\Lollipop
2014-02-02 12:03 - 2014-02-02 11:59 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2014-02-02 12:00 - 2014-02-02 12:00 - 00000000 ____D () C:\Users\*******\AppData\Roaming\SpeedyPC Software
2014-02-02 12:00 - 2014-02-02 12:00 - 00000000 ____D () C:\Users\*******\AppData\Roaming\DriverCure
2014-02-02 11:59 - 2014-02-02 11:59 - 00000000 _____ () C:\END
2014-02-02 11:59 - 2012-08-30 06:57 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-02-01 16:56 - 2014-02-01 16:56 - 00000000 ____D () C:\Users\*******\Documents\MAGIX Speed
2014-02-01 15:35 - 2010-01-19 14:20 - 00000000 ____D () C:\Users\*******\AppData\Local\Adobe
2014-02-01 11:40 - 2010-02-11 23:42 - 00000000 ____D () C:\Users\*******\dwhelper
2014-01-24 21:08 - 2014-01-24 21:08 - 00000000 ____D () C:\ProgramData\Gigaset QuickSync
2014-01-24 21:07 - 2014-01-24 21:07 - 00000000 ____D () C:\Users\*******\AppData\Local\Gigaset_Communications_Gm
2014-01-24 21:06 - 2014-01-24 21:06 - 00000000 ____D () C:\Program Files (x86)\Gigaset QuickSync
2014-01-24 21:05 - 2011-11-07 22:27 - 00000000 ____D () C:\Users\*******\AppData\Local\Downloaded Installations
2014-01-24 20:50 - 2014-01-24 20:50 - 00000000 ____D () C:\Users\*******\AppData\Local\Shaw Computer
2014-01-23 20:50 - 2009-08-10 12:51 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-01-23 20:50 - 2009-08-10 12:51 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-01-23 20:50 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-21 18:09 - 2013-10-20 10:07 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-21 18:02 - 2014-01-21 18:02 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-21 18:02 - 2014-01-21 18:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-21 18:02 - 2014-01-21 18:02 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-21 18:02 - 2014-01-21 18:02 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-21 17:58 - 2014-01-21 17:58 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-21 17:58 - 2014-01-21 17:58 - 00000000 ____D () C:\Program Files\Java
2014-01-21 17:50 - 2010-01-19 14:09 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-21 17:50 - 2010-01-19 14:09 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-01-20 19:42 - 2009-07-14 05:45 - 00523504 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-18 14:47 - 2013-07-12 20:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-18 14:43 - 2010-01-20 14:49 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 09:59 - 2010-01-22 14:40 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-09 21:38 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
Some content of TEMP:
====================
C:\Users\*******\AppData\Local\Temp\avgnt.exe
C:\Users\*******\AppData\Local\Temp\SHSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-01 12:29
==================== End Of Log ============================
GMER Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-06 21:45:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB
Running: gmer.exe; Driver: C:\Users\******\AppData\Local\Temp\uxlyipog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003203000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff8000320302f 29 bytes [00, 01, 00, 06, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753f1465 2 bytes [3F, 75]
.text C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753f14bb 2 bytes [3F, 75]
.text ... * 2
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060d1d95c
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060d1d95c@001813c22f42 0xA1 0x24 0xCD 0x6F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060d1d95c@38ece48bd7fd 0x8A 0x13 0xDC 0xD8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060d1d95c@fcc7343e2741 0x54 0x1F 0x9C 0xD2 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060d1d95c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060d1d95c@001813c22f42 0xA1 0x24 0xCD 0x6F ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060d1d95c@38ece48bd7fd 0x8A 0x13 0xDC 0xD8 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060d1d95c@fcc7343e2741 0x54 0x1F 0x9C 0xD2 ...
---- EOF - GMER 2.1 ----
mbam yesterday Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.02.06.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
******* :: *******-AMILO [Administrator]
06.02.2014 21:53:26
mbam-log-2014-02-06 (21-53-26).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 284545
Laufzeit: 7 Minute(n), 32 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\*******\Downloads\iMeshSetup-r1487-w-bf.exe (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
mbam today Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.02.07.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
******** :: ********-AMILO [Administrator]
07.02.2014 16:12:28
mbam-log-2014-02-07 (16-12-28).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 284538
Laufzeit: 9 Minute(n), 32 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
I noticed it because Firefox reported that a program had tried to redirect to another page.
I hope you can help me.
Ciao