Log Analysis and Evaluation: PUP.Optional.Bandoo.A keeps coming back (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

07.02.2014, 16:47 #1
PUP.Optional.Bandoo.A keeps coming back

Hello, unfortunately I have caught PUP.Optional.Bandoo.A. Probably during a Java update, but I am not sure. Malwarebytes' Anti-Malware finds it every time and apparently removes it as well, but after a restart of the laptop it is back every time. Last night I created log files following your instructions.

FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-02-2014
Ran by ******* (administrator) on ******* on 06-02-2014 21:24:33
Running from C:\Users\*******\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Realtek\Realtek WHCI\RunAppSvc.exe
(TeamViewer GmbH) D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\Realtek\Realtek WHCI\UWBMg.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpServer.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
() C:\Program Files (x86)\Hotkey Utility\tray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\taskmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CSRBIP] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe [419704 2009-08-20] (CSR, plc)
HKLM\...\Run: [CSRFTP] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpServer.exe [463216 2009-08-20] (CSR, plc)
HKLM\...\Run: [ConMgr] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535392 2009-08-20] (CSR, plc)
HKLM\...\Run: [CSRSkype] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431456 2009-08-20] (CSR, plc)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [265216 2008-04-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [FIC HotKey] - C:\Program Files (x86)\Hotkey Utility\tray.exe [1049088 2009-08-20] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll => File Not Found
AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll => File Not Found
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\taskmgr.exe (Microsoft Corporation)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Versuch Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSA&bmod=EU01
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.ts.fujitsu.com/index2
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ts.fujitsu.com/index2
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3320691&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPDF169DF6-BF5D-4663-B795-9994130D6ED3&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3320691&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPDF169DF6-BF5D-4663-B795-9994130D6ED3&q={searchTerms}&SSPV=
SearchScopes: HKCU - {6C650BB5-8D71-4B1D-B152-B6EB9C51BD6D} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=CF785C5E-D783-45CE-A257-4DA6A794BC7E&apn_sauid=4AFE317C-5377-4BB7-BFD4-8A0A7B25F5EA
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
BHO: No Name - {9D717F81-9148-4f12-8568-69135F087DB0} - No File
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - D:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @innoplus.de/ino3DViewer - D:\Program Files\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin-x32: @innoplus.de/inoPanoViewer - D:\Program Files\innoPlus\Rundum-Betrachter-innoPlus\npirsviewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Microsoft Choice Guard - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\ChoiceGuard@Microsoft [2012-06-09]
FF Extension: German Dictionary - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-10-13]
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\de_DE@dicts.j3e.de [2013-09-14]
FF Extension: FRITZ!Box AddOn - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\fb_add_on@avm.de [2013-04-12]
FF Extension: Cooliris - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\piclens@cooliris.com [2012-02-09]
FF Extension: Search Results Toolbar - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\{94366e2c-9923-431c-b0d6-747447dd0f2b} [2012-03-06]
FF Extension: Password Exporter - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010-01-19]
FF Extension: DownloadHelper - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-26]
FF Extension: Personas Plus - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\personas@christopher.beard.xpi [2013-03-02]
FF Extension: ImTranslator - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-03-24]
FF Extension: FoxTab - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2012-02-21]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe

Chrome:
=======

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-15] (Adobe Systems)
S3 AdobeActiveFileMonitor8.0; D:\Program Files\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-06] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
S4 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [69120 2010-12-18] (Autodesk, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-16] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [271760 2009-04-27] ()
R2 RunAppSvc; C:\Program Files (x86)\Realtek\Realtek WHCI\RunAppSvc.exe [65536 2009-04-08] ()
S3 SamsungAllShareV2.0; D:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2011-12-16] (Samsung Electronics Co., Ltd.)
S3 SimpleSlideShowServer; D:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [27584 2011-12-16] (Samsung Electronics Co., Ltd.)
R2 TeamViewer8; D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [3467768 2012-12-14] (TeamViewer GmbH)
R2 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248704 2012-09-01] ()
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145792 2009-08-20] (CSR, plc)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3379440 2013-04-16] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R0 DiskSec; C:\Windows\System32\Drivers\DiskSec.sys [27616 2009-09-23] (MAGIX)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2013-04-25] (Siemens Home and Office Communication Devices GmbH & Co. KG)
S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [66704 2013-09-09] (Fuzhou Rockchip Electronics Co,Ltd.)
R3 UPCDRV; C:\Windows\System32\DRIVERS\UPCDRV.sys [12800 2009-07-29] (First International Computer, Inc.)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2009-09-01] (CyberLink Corp.)
S3 BthAvrcp; system32\DRIVERS\BthAvrcp.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-06 21:24 - 2014-02-06 21:24 - 00018560 _____ () C:\Users\*******\Desktop\FRST.txt
2014-02-06 21:24 - 2014-02-06 21:24 - 00000000 ____D () C:\Users\*******\Desktop\FRST-OlderVersion
2014-02-06 20:53 - 2014-02-06 20:53 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\*******\Downloads\SpyHunter-Installer.exe
2014-02-06 20:19 - 2014-02-06 20:19 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-02-06 20:17 - 2014-02-06 20:17 - 13697720 _____ (Microsoft Corporation) C:\Users\*******\Downloads\mseinstall.exe
2014-02-06 20:09 - 2014-02-06 20:24 - 00034506 _____ () C:\Users\*******\Downloads\Addition.txt
2014-02-06 20:08 - 2014-02-06 20:24 - 00032226 _____ () C:\Users\*******\Downloads\FRST.txt
2014-02-06 20:07 - 2014-02-06 21:24 - 00000000 ____D () C:\FRST
2014-02-06 20:05 - 2014-02-06 21:24 - 02079744 _____ (Farbar) C:\Users\*******\Desktop\FRST64.exe
2014-02-06 19:57 - 2014-02-06 21:09 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-02-06 19:57 - 2014-02-06 19:57 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Nico Mak Computing
2014-02-06 19:55 - 2014-02-06 19:55 - 04892480 _____ (WinZip International LLC ) C:\Users\*******\Downloads\wzmp_8.exe
2014-02-05 22:33 - 2014-02-05 22:33 - 00329609 _____ () C:\Users\*******\Desktop\bookmarks-2014-02-05.json
2014-02-05 22:23 - 2014-02-06 19:08 - 00000112 _____ () C:\Windows\setupact.log
2014-02-05 22:23 - 2014-02-05 22:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-05 20:33 - 2014-02-05 20:33 - 01431792 _____ (iMesh Inc) C:\Users\*******\Downloads\iMeshSetup-r1487-w-bf.exe
2014-02-05 20:05 - 2014-02-05 20:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-02 12:00 - 2014-02-03 20:15 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-02-02 12:00 - 2014-02-02 12:03 - 00000000 ____D () C:\Users\*******\AppData\Local\Lollipop
2014-02-02 12:00 - 2014-02-02 12:00 - 00000000 ____D () C:\Users\*******\AppData\Roaming\SpeedyPC Software
2014-02-02 12:00 - 2014-02-02 12:00 - 00000000 ____D () C:\Users\*******\AppData\Roaming\DriverCure
2014-02-02 11:59 - 2014-02-02 12:03 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2014-02-02 11:59 - 2014-02-02 11:59 - 00000000 _____ () C:\END
2014-02-01 16:56 - 2014-02-01 16:56 - 00000000 ____D () C:\Users\*******\Documents\MAGIX Speed
2014-01-24 21:55 - 2014-02-06 21:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-24 21:55 - 2014-02-05 21:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-24 21:08 - 2014-01-24 21:08 - 00000000 ____D () C:\ProgramData\Gigaset QuickSync
2014-01-24 21:07 - 2014-01-24 21:07 - 00000000 ____D () C:\Users\*******\AppData\Local\Gigaset_Communications_Gm
2014-01-24 21:06 - 2014-01-24 21:06 - 00000000 ____D () C:\Program Files (x86)\Gigaset QuickSync
2014-01-24 20:50 - 2014-01-24 20:50 - 00000000 ____D () C:\Users\*******\AppData\Local\Shaw Computer
2014-01-21 18:02 - 2014-01-21 18:02 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-21 18:02 - 2014-01-21 18:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-21 18:02 - 2014-01-21 18:02 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-21 18:02 - 2014-01-21 18:02 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-21 17:58 - 2014-01-21 17:58 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-21 17:58 - 2014-01-21 17:58 - 00000000 ____D () C:\Program Files\Java
2014-01-18 14:43 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-18 14:43 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-18 14:43 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-18 14:43 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-18 14:43 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-18 14:43 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-18 14:43 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-18 14:43 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-18 14:43 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-06 21:24 - 2014-02-06 21:24 - 00018560 _____ () C:\Users\*******\Desktop\FRST.txt
2014-02-06 21:24 - 2014-02-06 21:24 - 00000000 ____D () C:\Users\*******\Desktop\FRST-OlderVersion
2014-02-06 21:24 - 2014-02-06 20:07 - 00000000 ____D () C:\FRST
2014-02-06 21:24 - 2014-02-06 20:05 - 02079744 _____ (Farbar) C:\Users\*******\Desktop\FRST64.exe
2014-02-06 21:09 - 2014-02-06 19:57 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Nico Mak Computing
2014-02-06 21:09 - 2014-02-06 19:57 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-02-06 21:05 - 2014-01-24 21:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-06 21:04 - 2010-01-19 22:48 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-06 21:04 - 2010-01-19 22:48 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-06 20:53 - 2014-02-06 20:53 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\*******\Downloads\SpyHunter-Installer.exe
2014-02-06 20:24 - 2014-02-06 20:09 - 00034506 _____ () C:\Users\*******\Downloads\Addition.txt
2014-02-06 20:24 - 2014-02-06 20:08 - 00032226 _____ () C:\Users\*******\Downloads\FRST.txt
2014-02-06 20:19 - 2014-02-06 20:19 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-02-06 20:17 - 2014-02-06 20:17 - 13697720 _____ (Microsoft Corporation) C:\Users\*******\Downloads\mseinstall.exe
2014-02-06 19:57 - 2010-01-19 21:45 - 01292691 _____ () C:\Windows\WindowsUpdate.log
2014-02-06 19:55 - 2014-02-06 19:55 - 04892480 _____ (WinZip International LLC ) C:\Users\*******\Downloads\wzmp_8.exe
2014-02-06 19:16 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-06 19:16 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-06 19:09 - 2012-09-27 20:04 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-02-06 19:08 - 2014-02-05 22:23 - 00000112 _____ () C:\Windows\setupact.log
2014-02-06 19:08 - 2012-09-22 23:22 - 00000316 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-02-06 19:08 - 2010-01-19 14:26 - 00000250 _____ () C:\Windows\SysWOW64\RunAppSvc.log
2014-02-06 19:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-05 22:33 - 2014-02-05 22:33 - 00329609 _____ () C:\Users\*******\Desktop\bookmarks-2014-02-05.json
2014-02-05 22:23 - 2014-02-05 22:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-05 22:23 - 2012-04-24 20:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-05 21:05 - 2014-01-24 21:55 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 21:05 - 2012-03-31 11:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 21:05 - 2012-02-23 22:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 20:33 - 2014-02-05 20:33 - 01431792 _____ (iMesh Inc) C:\Users\*******\Downloads\iMeshSetup-r1487-w-bf.exe
2014-02-05 20:06 - 2014-02-05 20:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-05 20:04 - 2011-11-12 13:54 - 00000000 ____D () C:\Users\*******\AppData\Roaming\MyPhoneExplorer
2014-02-03 21:06 - 2010-11-01 17:40 - 00000000 ____D () C:\Users\*******\AppData\Roaming\FileZilla
2014-02-03 21:05 - 2009-08-10 12:39 - 00000000 ____D () C:\Windows\Panther
2014-02-03 20:15 - 2014-02-02 12:00 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-02-03 19:33 - 2010-02-08 00:39 - 00016384 _____ () C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-02 20:33 - 2010-01-25 14:09 - 00000000 ____D () C:\Users\*******\Documents\MAGIX_Video_deluxe_16_Premium
2014-02-02 12:03 - 2014-02-02 12:00 - 00000000 ____D () C:\Users\*******\AppData\Local\Lollipop
2014-02-02 12:03 - 2014-02-02 11:59 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2014-02-02 12:00 - 2014-02-02 12:00 - 00000000 ____D () C:\Users\*******\AppData\Roaming\SpeedyPC Software
2014-02-02 12:00 - 2014-02-02 12:00 - 00000000 ____D () C:\Users\*******\AppData\Roaming\DriverCure
2014-02-02 11:59 - 2014-02-02 11:59 - 00000000 _____ () C:\END
2014-02-02 11:59 - 2012-08-30 06:57 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-02-01 16:56 - 2014-02-01 16:56 - 00000000 ____D () C:\Users\*******\Documents\MAGIX Speed
2014-02-01 15:35 - 2010-01-19 14:20 - 00000000 ____D () C:\Users\*******\AppData\Local\Adobe
2014-02-01 11:40 - 2010-02-11 23:42 - 00000000 ____D () C:\Users\*******\dwhelper
2014-01-24 21:08 - 2014-01-24 21:08 - 00000000 ____D () C:\ProgramData\Gigaset QuickSync
2014-01-24 21:07 - 2014-01-24 21:07 - 00000000 ____D () C:\Users\*******\AppData\Local\Gigaset_Communications_Gm
2014-01-24 21:06 - 2014-01-24 21:06 - 00000000 ____D () C:\Program Files (x86)\Gigaset QuickSync
2014-01-24 21:05 - 2011-11-07 22:27 - 00000000 ____D () C:\Users\*******\AppData\Local\Downloaded Installations
2014-01-24 20:50 - 2014-01-24 20:50 - 00000000 ____D () C:\Users\*******\AppData\Local\Shaw Computer
2014-01-23 20:50 - 2009-08-10 12:51 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-01-23 20:50 - 2009-08-10 12:51 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-01-23 20:50 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-21 18:09 - 2013-10-20 10:07 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-21 18:02 - 2014-01-21 18:02 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-21 18:02 - 2014-01-21 18:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-21 18:02 - 2014-01-21 18:02 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-21 18:02 - 2014-01-21 18:02 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-21 17:58 - 2014-01-21 17:58 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-21 17:58 - 2014-01-21 17:58 - 00000000 ____D () C:\Program Files\Java
2014-01-21 17:50 - 2010-01-19 14:09 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-21 17:50 - 2010-01-19 14:09 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-01-20 19:42 - 2009-07-14 05:45 - 00523504 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-18 14:47 - 2013-07-12 20:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-18 14:43 - 2010-01-20 14:49 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 09:59 - 2010-01-22 14:40 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-09 21:38 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

Some content of TEMP:
====================
C:\Users\*******\AppData\Local\Temp\avgnt.exe
C:\Users\*******\AppData\Local\Temp\SHSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-01 12:29

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-06 21:45:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB
Running: gmer.exe; Driver: C:\Users\******\AppData\Local\Temp\uxlyipog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003203000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff8000320302f 29 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753f1465 2 bytes [3F, 75]
.text C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753f14bb 2 bytes [3F, 75]
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060d1d95c
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060d1d95c@001813c22f42 0xA1 0x24 0xCD 0x6F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060d1d95c@38ece48bd7fd 0x8A 0x13 0xDC 0xD8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060d1d95c@fcc7343e2741 0x54 0x1F 0x9C 0xD2 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060d1d95c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060d1d95c@001813c22f42 0xA1 0x24 0xCD 0x6F ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060d1d95c@38ece48bd7fd 0x8A 0x13 0xDC 0xD8 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060d1d95c@fcc7343e2741 0x54 0x1F 0x9C 0xD2 ...

---- EOF - GMER 2.1 ----

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.06.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
******* :: *******-AMILO [Administrator]

06.02.2014 21:53:26
mbam-log-2014-02-06 (21-53-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 284545
Laufzeit: 7 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\*******\Downloads\iMeshSetup-r1487-w-bf.exe (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.07.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
******** :: ********-AMILO [Administrator]

07.02.2014 16:12:28
mbam-log-2014-02-07 (16-12-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 284538
Laufzeit: 9 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

I hope you can help me. Ciao
07.02.2014, 17:13 | #2 |
/// the machine /// TB-Ausbilder | PUP.Optional.Bandoo.A keeps coming back hi,
Please download AdwCleaner to your Desktop.
Please close your security software first to avoid possible conflicts.
And a fresh FRST log, please.
07.02.2014, 17:59 | #3 |
| PUP.Optional.Bandoo.A keeps coming back Many thanks in advance for your help!!
Here are the logs. FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-02-2014 Ran by ******** (administrator) on ********-AMILO on 07-02-2014 17:45:58 Running from C:\Users\********\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () C:\Program Files (x86)\Realtek\Realtek WHCI\RunAppSvc.exe (TeamViewer GmbH) D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe () C:\Program Files (x86)\Realtek\Realtek WHCI\UWBMg.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpServer.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc) C:\Program 
Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe () C:\Program Files (x86)\Hotkey Utility\tray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\taskmgr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [CSRBIP] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe [419704 2009-08-20] (CSR, plc) HKLM\...\Run: [CSRFTP] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpServer.exe [463216 2009-08-20] (CSR, plc) HKLM\...\Run: [ConMgr] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535392 2009-08-20] (CSR, plc) HKLM\...\Run: [CSRSkype] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431456 2009-08-20] (CSR, plc) HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [265216 2008-04-09] (Alps Electric Co., Ltd.) HKLM\...\Run: [FIC HotKey] - C:\Program Files (x86)\Hotkey Utility\tray.exe [1049088 2009-08-20] () HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-19] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\taskmgr.exe (Microsoft Corporation) Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Versuch Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSA&bmod=EU01 HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.ts.fujitsu.com/index2 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ts.fujitsu.com/index2 SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: 
Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: Google FF Homepage: about:home FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/EPPEX - D:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @innoplus.de/ino3DViewer - D:\Program Files\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden) FF Plugin-x32: @innoplus.de/inoPanoViewer - D:\Program Files\innoPlus\Rundum-Betrachter-innoPlus\npirsviewer.dll (INNOVA-engineering GmbH Dresden) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ () FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Microsoft Choice Guard - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\ChoiceGuard@Microsoft [2012-06-09] FF Extension: German Dictionary - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-10-13] FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\de_DE@dicts.j3e.de [2013-09-14] FF Extension: FRITZ!Box AddOn - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\fb_add_on@avm.de [2013-04-12] FF Extension: Cooliris - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\piclens@cooliris.com [2012-02-09] FF Extension: Password Exporter - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010-01-19] FF Extension: DownloadHelper - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-26] FF Extension: Personas Plus - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\personas@christopher.beard.xpi [2013-03-02] FF Extension: ImTranslator - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-03-24] FF Extension: FoxTab - 
C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2012-02-21] FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe Chrome: ======= ==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-15] (Adobe Systems) S3 AdobeActiveFileMonitor8.0; D:\Program Files\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-06] (Adobe Systems Incorporated) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-19] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG) S4 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [69120 2010-12-18] (Autodesk, Inc.) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-16] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [271760 2009-04-27] () R2 RunAppSvc; C:\Program Files (x86)\Realtek\Realtek WHCI\RunAppSvc.exe [65536 2009-04-08] () S3 SamsungAllShareV2.0; D:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2011-12-16] (Samsung Electronics Co., Ltd.) S3 SimpleSlideShowServer; D:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [27584 2011-12-16] (Samsung Electronics Co., Ltd.) 
R2 TeamViewer8; D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [3467768 2012-12-14] (TeamViewer GmbH) R2 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions) R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248704 2012-09-01] () R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145792 2009-08-20] (CSR, plc) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3379440 2013-04-16] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R0 DiskSec; C:\Windows\System32\Drivers\DiskSec.sys [27616 2009-09-23] (MAGIX) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2013-04-25] (Siemens Home and Office Communication Devices GmbH & Co. KG) S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [66704 2013-09-09] (Fuzhou Rockchip Electronics Co,Ltd.) R3 UPCDRV; C:\Windows\System32\DRIVERS\UPCDRV.sys [12800 2009-07-29] (First International Computer, Inc.) R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2009-09-01] (CyberLink Corp.) 
S3 BthAvrcp; system32\DRIVERS\BthAvrcp.sys [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-07 17:39 - 2014-02-07 17:39 - 00000985 _____ () C:\Users\********\Desktop\JRT.txt 2014-02-07 17:32 - 2014-02-07 17:32 - 00000000 ____D () C:\Windows\ERUNT 2014-02-07 17:30 - 2014-02-07 17:30 - 01037530 _____ (Thisisu) C:\Users\********\Desktop\JRT_6.1.1.exe 2014-02-07 17:19 - 2014-02-07 17:43 - 00000112 _____ () C:\Windows\setupact.log 2014-02-07 17:19 - 2014-02-07 17:19 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-07 17:13 - 2014-02-07 17:42 - 00000000 ____D () C:\AdwCleaner 2014-02-07 17:12 - 2014-02-07 17:13 - 01166132 _____ () C:\Users\********\Desktop\adwcleaner-3.018.exe 2014-02-06 21:24 - 2014-02-07 17:45 - 00016181 _____ () C:\Users\********\Desktop\FRST.txt 2014-02-06 21:24 - 2014-02-06 21:24 - 00000000 ____D () C:\Users\********\Desktop\FRST-OlderVersion 2014-02-06 20:19 - 2014-02-06 20:19 - 00002052 _____ () C:\Windows\epplauncher.mif 2014-02-06 20:07 - 2014-02-07 17:45 - 00000000 ____D () C:\FRST 2014-02-06 20:05 - 2014-02-06 21:24 - 02079744 _____ (Farbar) C:\Users\********\Desktop\FRST64.exe 2014-02-06 19:57 - 2014-02-06 21:09 - 00000000 ____D () C:\Users\********\AppData\Roaming\Nico Mak Computing 2014-02-06 19:57 - 2014-02-06 21:09 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector 2014-02-05 22:33 - 2014-02-05 22:33 - 00329609 _____ () C:\Users\********\Desktop\bookmarks-2014-02-05.json 2014-02-05 20:05 - 2014-02-05 20:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-02 12:00 - 2014-02-03 20:15 - 00000000 ____D () C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop 2014-02-01 16:56 - 2014-02-01 16:56 - 00000000 ____D () C:\Users\********\Documents\MAGIX Speed 2014-01-28 18:36 - 2014-01-28 18:36 - 
00380416 _____ () C:\Users\********\Desktop\gmer.exe 2014-01-24 21:55 - 2014-02-07 17:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-24 21:55 - 2014-02-05 21:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-01-24 21:08 - 2014-01-24 21:08 - 00000000 ____D () C:\ProgramData\Gigaset QuickSync 2014-01-24 21:07 - 2014-01-24 21:07 - 00000000 ____D () C:\Users\********\AppData\Local\Gigaset_Communications_Gm 2014-01-24 21:06 - 2014-01-24 21:06 - 00000000 ____D () C:\Program Files (x86)\Gigaset QuickSync 2014-01-24 20:50 - 2014-01-24 20:50 - 00000000 ____D () C:\Users\********\AppData\Local\Shaw Computer 2014-01-21 18:02 - 2014-01-21 18:02 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-01-21 18:02 - 2014-01-21 18:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-21 18:02 - 2014-01-21 18:02 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-21 18:02 - 2014-01-21 18:02 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-21 17:58 - 2014-01-21 17:58 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-01-21 17:58 - 2014-01-21 17:58 - 00000000 ____D () C:\Program Files\Java 2014-01-18 14:43 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-18 14:43 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-18 14:43 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-18 14:43 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-18 14:43 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-18 14:43 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-18 
14:43 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-18 14:43 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-18 14:43 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= 2014-02-07 17:47 - 2014-02-06 21:24 - 00016181 _____ () C:\Users\********\Desktop\FRST.txt 2014-02-07 17:45 - 2014-02-06 20:07 - 00000000 ____D () C:\FRST 2014-02-07 17:44 - 2012-09-27 20:04 - 00000439 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-02-07 17:43 - 2014-02-07 17:19 - 00000112 _____ () C:\Windows\setupact.log 2014-02-07 17:43 - 2012-09-22 23:22 - 00000316 _____ () C:\Windows\Tasks\GlaryInitialize.job 2014-02-07 17:43 - 2010-01-19 22:48 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-07 17:43 - 2010-01-19 14:26 - 00000250 _____ () C:\Windows\SysWOW64\RunAppSvc.log 2014-02-07 17:43 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-07 17:42 - 2014-02-07 17:13 - 00000000 ____D () C:\AdwCleaner 2014-02-07 17:42 - 2010-01-19 21:45 - 01340922 _____ () C:\Windows\WindowsUpdate.log 2014-02-07 17:39 - 2014-02-07 17:39 - 00000985 _____ () C:\Users\********\Desktop\JRT.txt 2014-02-07 17:32 - 2014-02-07 17:32 - 00000000 ____D () C:\Windows\ERUNT 2014-02-07 17:30 - 2014-02-07 17:30 - 01037530 _____ (Thisisu) C:\Users\********\Desktop\JRT_6.1.1.exe 2014-02-07 17:28 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-07 17:28 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-07 17:19 - 2014-02-07 17:19 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-07 17:13 - 2014-02-07 17:12 - 01166132 _____ () 
C:\Users\********\Desktop\adwcleaner-3.018.exe 2014-02-07 17:05 - 2014-01-24 21:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-07 17:04 - 2010-01-19 22:48 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-06 21:24 - 2014-02-06 21:24 - 00000000 ____D () C:\Users\********\Desktop\FRST-OlderVersion 2014-02-06 21:24 - 2014-02-06 20:05 - 02079744 _____ (Farbar) C:\Users\********\Desktop\FRST64.exe 2014-02-06 21:09 - 2014-02-06 19:57 - 00000000 ____D () C:\Users\********\AppData\Roaming\Nico Mak Computing 2014-02-06 21:09 - 2014-02-06 19:57 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector 2014-02-06 20:19 - 2014-02-06 20:19 - 00002052 _____ () C:\Windows\epplauncher.mif 2014-02-05 22:33 - 2014-02-05 22:33 - 00329609 _____ () C:\Users\********\Desktop\bookmarks-2014-02-05.json 2014-02-05 22:23 - 2012-04-24 20:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-05 21:05 - 2014-01-24 21:55 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-05 21:05 - 2012-03-31 11:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-05 21:05 - 2012-02-23 22:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-05 20:06 - 2014-02-05 20:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-05 20:04 - 2011-11-12 13:54 - 00000000 ____D () C:\Users\********\AppData\Roaming\MyPhoneExplorer 2014-02-03 21:06 - 2010-11-01 17:40 - 00000000 ____D () C:\Users\********\AppData\Roaming\FileZilla 2014-02-03 21:05 - 2009-08-10 12:39 - 00000000 ____D () C:\Windows\Panther 2014-02-03 20:15 - 2014-02-02 12:00 - 00000000 ____D () C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop 2014-02-03 19:33 - 2010-02-08 00:39 - 00016384 _____ () C:\Users\********\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-02-02 20:33 - 2010-01-25 
14:09 - 00000000 ____D () C:\Users\********\Documents\MAGIX_Video_deluxe_16_Premium 2014-02-02 11:59 - 2012-08-30 06:57 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute 2014-02-01 16:56 - 2014-02-01 16:56 - 00000000 ____D () C:\Users\********\Documents\MAGIX Speed 2014-02-01 15:35 - 2010-01-19 14:20 - 00000000 ____D () C:\Users\********\AppData\Local\Adobe 2014-02-01 11:40 - 2010-02-11 23:42 - 00000000 ____D () C:\Users\********\dwhelper 2014-01-28 18:36 - 2014-01-28 18:36 - 00380416 _____ () C:\Users\********\Desktop\gmer.exe 2014-01-24 21:08 - 2014-01-24 21:08 - 00000000 ____D () C:\ProgramData\Gigaset QuickSync 2014-01-24 21:07 - 2014-01-24 21:07 - 00000000 ____D () C:\Users\********\AppData\Local\Gigaset_Communications_Gm 2014-01-24 21:06 - 2014-01-24 21:06 - 00000000 ____D () C:\Program Files (x86)\Gigaset QuickSync 2014-01-24 21:05 - 2011-11-07 22:27 - 00000000 ____D () C:\Users\********\AppData\Local\Downloaded Installations 2014-01-24 20:50 - 2014-01-24 20:50 - 00000000 ____D () C:\Users\********\AppData\Local\Shaw Computer 2014-01-23 20:50 - 2009-08-10 12:51 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2014-01-23 20:50 - 2009-08-10 12:51 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2014-01-23 20:50 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-01-21 18:09 - 2013-10-20 10:07 - 00000000 ____D () C:\ProgramData\Oracle 2014-01-21 18:02 - 2014-01-21 18:02 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-01-21 18:02 - 2014-01-21 18:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-21 18:02 - 2014-01-21 18:02 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-21 18:02 - 2014-01-21 18:02 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-21 17:58 - 2014-01-21 17:58 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-01-21 17:58 - 2014-01-21 17:58 - 00000000 
____D () C:\Program Files\Java 2014-01-21 17:50 - 2010-01-19 14:09 - 00000000 ____D () C:\ProgramData\Adobe 2014-01-21 17:50 - 2010-01-19 14:09 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-01-20 19:42 - 2009-07-14 05:45 - 00523504 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-01-18 14:47 - 2013-07-12 20:14 - 00000000 ____D () C:\Windows\system32\MRT 2014-01-18 14:43 - 2010-01-20 14:49 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-16 09:59 - 2010-01-22 14:40 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-01-09 21:38 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp Some content of TEMP: ==================== C:\Users\********\AppData\Local\Temp\avgnt.exe C:\Users\********\AppData\Local\Temp\Quarantine.exe C:\Users\********\AppData\Local\Temp\SHSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-01 12:29 ==================== End Of Log ============================ AdwCleaner[R0].txt Code:
# AdwCleaner v3.018 - Bericht erstellt am 07/02/2014 um 17:13:26
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ********** - **********-AMILO
# Gestartet von : C:\Users\**********\Downloads\adwcleaner-3.018.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\END
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Ordner Gefunden : C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Ordner Gefunden C:\Program Files (x86)\Common Files\spigot
Ordner Gefunden C:\Program Files (x86)\myfree codec
Ordner Gefunden C:\Program Files (x86)\searchresults1
Ordner Gefunden C:\ProgramData\Ask
Ordner Gefunden C:\ProgramData\boost_interprocess
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gefunden C:\ProgramData\Partner
Ordner Gefunden C:\ProgramData\SpeedyPC Software
Ordner Gefunden C:\Users\**********\AppData\Local\lollipop
Ordner Gefunden C:\Users\**********\AppData\LocalLow\Dealio
Ordner Gefunden C:\Users\**********\AppData\LocalLow\Search Settings
Ordner Gefunden C:\Users\**********\AppData\LocalLow\searchquband
Ordner Gefunden C:\Users\**********\AppData\LocalLow\Searchqutoolbar
Ordner Gefunden C:\Users\**********\AppData\LocalLow\searchresults1
Ordner Gefunden C:\Users\**********\AppData\Roaming\DriverCure
Ordner Gefunden C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Searchqutoolbar
Ordner Gefunden C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\searchresults1
Ordner Gefunden C:\Users\**********\AppData\Roaming\SpeedyPC Software

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll
Daten Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll
Schlüssel Gefunden : HKCU\Software\APN DTX
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gefunden : HKCU\Software\lollipop
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Schlüssel Gefunden : HKCU\Software\searchresults1
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\SpeedyPC Software
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : [x64] HKCU\Software\APN DTX
Schlüssel Gefunden : [x64] HKCU\Software\lollipop
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gefunden : [x64] HKCU\Software\searchresults1
Schlüssel Gefunden : [x64] HKCU\Software\Softonic
Schlüssel Gefunden : [x64] HKCU\Software\SpeedyPC Software
Schlüssel Gefunden : [x64] HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\Freeze.com
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_media-player-codec-pack_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_media-player-codec-pack_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\searchresults1
Schlüssel Gefunden : HKLM\Software\SearchquMediabarTb
Schlüssel Gefunden : HKLM\Software\SpeedyPC Software
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\DataMngr
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v27.0 (de)

[ Datei : C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\prefs.js ]

Zeile gefunden : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=");

-\\ Google Chrome v

[ Datei : C:\Users\**********\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7482 octets] - [07/02/2014 17:13:26]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7542 octets] ##########
Code:
# AdwCleaner v3.018 - Bericht erstellt am 07/02/2014 um 17:17:20
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ******* - *******-AMILO
# Gestartet von : C:\Users\*******\Downloads\adwcleaner-3.018.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\SpeedyPC Software
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\searchresults1
Ordner Gelöscht : C:\Program Files (x86)\Common Files\spigot
Ordner Gelöscht : C:\Users\*******\AppData\Local\lollipop
Ordner Gelöscht : C:\Users\*******\AppData\LocalLow\Dealio
Ordner Gelöscht : C:\Users\*******\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\*******\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\*******\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\*******\AppData\LocalLow\searchresults1
Ordner Gelöscht : C:\Users\*******\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\*******\AppData\Roaming\SpeedyPC Software
Ordner Gelöscht : C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Searchqutoolbar
Ordner Gelöscht : C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\searchresults1
Ordner Gelöscht : C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\Extensions\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Datei Gelöscht : C:\END

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_media-player-codec-pack_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_media-player-codec-pack_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gelöscht : HKCU\Software\APN DTX
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\searchresults1
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SpeedyPC Software
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb
Schlüssel Gelöscht : HKLM\Software\SpeedyPC Software
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\searchresults1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DataMngr
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v27.0 (de)

[ Datei : C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\u72qpz0o.default\prefs.js ]

Zeile gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=");

-\\ Google Chrome v

[ Datei : C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7682 octets] - [07/02/2014 17:13:26]
AdwCleaner[S0].txt - [6953 octets] - [07/02/2014 17:17:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7013 octets] ##########
08.02.2014, 13:21 | #4 |
/// the machine /// TB-Ausbilder | PUP.Optional.Bandoo.A keeps coming back
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM!
08.02.2014, 17:57 | #5 |
| PUP.Optional.Bandoo.A keeps coming back
ESET has finished and also reported two findings. But something apparently went wrong with the log file. There is nothing in the LOG. It only says ...
ESETSmartInstaller@High as downloader log:
all ok
SecurityCheck.exe doesn't work either ... Error message: UNSUPPORTED OPERATING SYSTEM! ABORTED!
Here is a current FRST log instead.
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-02-2014
Ran by *********** (administrator) on ***********-AMILO on 08-02-2014 17:51:47
Running from C:\Users\***********\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Realtek\Realtek WHCI\RunAppSvc.exe
(TeamViewer GmbH) D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\Realtek\Realtek WHCI\UWBMg.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpServer.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
() C:\Program Files (x86)\Hotkey Utility\tray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Users\***********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\taskmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CSRBIP] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe [419704 2009-08-20] (CSR, plc)
HKLM\...\Run: [CSRFTP] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpServer.exe [463216 2009-08-20] (CSR, plc)
HKLM\...\Run: [ConMgr] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535392 2009-08-20] (CSR, plc)
HKLM\...\Run: [CSRSkype] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431456 2009-08-20] (CSR, plc)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [265216 2008-04-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [FIC HotKey] - C:\Program Files (x86)\Hotkey Utility\tray.exe [1049088 2009-08-20] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\***********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\taskmgr.exe (Microsoft Corporation)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Versuch Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSA&bmod=EU01
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.ts.fujitsu.com/index2
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ts.fujitsu.com/index2
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\sd1gq79s.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - D:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @innoplus.de/ino3DViewer - D:\Program Files\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin-x32: @innoplus.de/inoPanoViewer - D:\Program Files\innoPlus\Rundum-Betrachter-innoPlus\npirsviewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\sd1gq79s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-02-08]
FF Extension: Personas Plus - C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\sd1gq79s.default\Extensions\personas@christopher.beard.xpi [2014-02-08]
FF Extension: Password Exporter - C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\sd1gq79s.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2014-02-08]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-08]
CHR Extension: (Google Drive) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-08]
CHR Extension: (YouTube) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-08]
CHR Extension: (Google-Suche) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-08]
CHR Extension: (Google Wallet) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-08]
CHR Extension: (Google Mail) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-08]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-15] (Adobe Systems)
S3 AdobeActiveFileMonitor8.0; D:\Program Files\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-06] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
S4 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [69120 2010-12-18] (Autodesk, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-16] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [271760 2009-04-27] ()
R2 RunAppSvc; C:\Program Files (x86)\Realtek\Realtek WHCI\RunAppSvc.exe [65536 2009-04-08] ()
S3 SamsungAllShareV2.0; D:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2011-12-16] (Samsung Electronics Co., Ltd.)
S3 SimpleSlideShowServer; D:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [27584 2011-12-16] (Samsung Electronics Co., Ltd.)
R2 TeamViewer8; D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [3467768 2012-12-14] (TeamViewer GmbH)
R2 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248704 2012-09-01] ()
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145792 2009-08-20] (CSR, plc)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3379440 2013-04-16] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R0 DiskSec; C:\Windows\System32\Drivers\DiskSec.sys [27616 2009-09-23] (MAGIX)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2013-04-25] (Siemens Home and Office Communication Devices GmbH & Co. KG)
S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [66704 2013-09-09] (Fuzhou Rockchip Electronics Co,Ltd.)
R3 UPCDRV; C:\Windows\System32\DRIVERS\UPCDRV.sys [12800 2009-07-29] (First International Computer, Inc.)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2009-09-01] (CyberLink Corp.)
S3 BthAvrcp; system32\DRIVERS\BthAvrcp.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
U3 uxlyipog; \??\C:\Users\***********\AppData\Local\Temp\uxlyipog.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-08 17:51 - 2014-02-08 17:51 - 00015854 _____ () C:\Users\***********\Desktop\FRST.txt
2014-02-08 17:35 - 2014-02-08 17:35 - 02347384 _____ (ESET) C:\Users\***********\Downloads\esetsmartinstaller_enu.exe
2014-02-08 17:34 - 2014-02-08 17:34 - 00987425 _____ () C:\Users\***********\Desktop\SecurityCheck.exe
2014-02-08 14:05 - 2014-02-08 14:05 - 02347384 _____ (ESET) C:\Users\***********\Desktop\esetsmartinstaller_enu.exe
2014-02-08 14:05 - 2014-02-08 14:05 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-08 13:54 - 2014-02-08 12:02 - 00001342 _____ () C:\Users\***********\Desktop\AdwCleaner[S3].txt
2014-02-08 13:53 - 2014-02-08 13:53 - 00000905 _____ () C:\Users\***********\Desktop\JRT.txt
2014-02-08 13:46 - 2014-02-08 13:46 - 00000000 ____D () C:\Windows\ERUNT
2014-02-08 13:45 - 2014-02-08 13:45 - 01037530 _____ (Thisisu) C:\Users\***********\Desktop\JRT.exe
2014-02-08 13:31 - 2014-02-08 13:31 - 01166132 _____ () C:\Users\***********\Desktop\AdwCleaner.exe
2014-02-08 12:53 - 2014-02-08 12:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-07 17:13 - 2014-02-08 13:45 - 00000000 ____D () C:\AdwCleaner
2014-02-06 22:09 - 2014-02-08 13:02 - 00001544 _____ () C:\Windows\PFRO.log
2014-02-06 21:24 - 2014-02-06 21:24 - 00000000 ____D () C:\Users\***********\Desktop\FRST-OlderVersion
2014-02-06 20:19 - 2014-02-06 20:19 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-02-06 20:07 - 2014-02-08 17:51 - 00000000 ____D () C:\FRST
2014-02-06 20:05 - 2014-02-06 21:24 - 02079744 _____ (Farbar) C:\Users\***********\Desktop\FRST64.exe
2014-02-06 19:57 - 2014-02-06 21:09 - 00000000 ____D () C:\Users\***********\AppData\Roaming\Nico Mak Computing
2014-02-06 19:57 - 2014-02-06 21:09 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-02-05 22:23 - 2014-02-08 13:41 - 00000560 _____ () C:\Windows\setupact.log
2014-02-05 22:23 - 2014-02-05 22:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-05 20:05 - 2014-02-08 12:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-02 12:00 - 2014-02-03 20:15 - 00000000 ____D () C:\Users\***********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-02-01 16:56 - 2014-02-01 16:56 - 00000000 ____D () C:\Users\***********\Documents\MAGIX Speed
2014-01-28 18:36 - 2014-01-28 18:36 - 00380416 _____ () C:\Users\***********\Desktop\gmer.exe
2014-01-24 21:55 - 2014-02-08 17:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-24 21:55 - 2014-02-05 21:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-24 21:08 - 2014-01-24 21:08 - 00000000 ____D () C:\ProgramData\Gigaset QuickSync
2014-01-24 21:07 - 2014-01-24 21:07 - 00000000 ____D () C:\Users\***********\AppData\Local\Gigaset_Communications_Gm
2014-01-24 21:06 - 2014-01-24 21:06 - 00000000 ____D () C:\Program Files (x86)\Gigaset QuickSync
2014-01-24 20:50 - 2014-01-24 20:50 - 00000000 ____D () C:\Users\***********\AppData\Local\Shaw Computer
2014-01-21 18:02 - 2014-01-21 18:02 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-21 18:02 - 2014-01-21 18:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-21 18:02 - 2014-01-21 18:02 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-21 18:02 - 2014-01-21 18:02 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-21 17:58 - 2014-01-21 17:58 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-21 17:58 - 2014-01-21 17:58 - 00000000 ____D () C:\Program Files\Java
2014-01-18 14:43 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-18 14:43 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-18 14:43 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-18 14:43 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-18 14:43 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-18 14:43 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-18 14:43 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-18 14:43 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-18 14:43 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-08 17:52 - 2014-02-08 17:51 - 00015854 _____ () C:\Users\***********\Desktop\FRST.txt
2014-02-08 17:51 - 2014-02-06 20:07 - 00000000 ____D () C:\FRST
2014-02-08 17:35 - 2014-02-08 17:35 - 02347384 _____ (ESET) C:\Users\***********\Downloads\esetsmartinstaller_enu.exe
2014-02-08 17:34 - 2014-02-08 17:34 - 00987425 _____ () C:\Users\***********\Desktop\SecurityCheck.exe
2014-02-08 17:05 - 2014-01-24 21:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-08 17:04 - 2010-01-19 22:48 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-08 14:06 - 2010-01-19 21:45 - 01355403 _____ () C:\Windows\WindowsUpdate.log
2014-02-08 14:05 - 2014-02-08 14:05 - 02347384 _____ (ESET) C:\Users\***********\Desktop\esetsmartinstaller_enu.exe
2014-02-08 14:05 - 2014-02-08 14:05 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-08 13:54 - 2012-09-27 20:04 - 00000440 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-02-08 13:53 - 2014-02-08 13:53 - 00000905 _____ () C:\Users\***********\Desktop\JRT.txt
2014-02-08 13:49 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-08 13:49 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-08 13:46 - 2014-02-08 13:46 - 00000000 ____D () C:\Windows\ERUNT
2014-02-08 13:45 - 2014-02-08 13:45 - 01037530 _____ (Thisisu) C:\Users\***********\Desktop\JRT.exe
2014-02-08 13:45 - 2014-02-07 17:13 - 00000000 ____D () C:\AdwCleaner
2014-02-08 13:41 - 2014-02-05 22:23 - 00000560 _____ () C:\Windows\setupact.log
2014-02-08 13:41 - 2012-09-22 23:22 - 00000316 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-02-08 13:41 - 2010-01-19 22:48 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-08 13:41 - 2010-01-19 14:26 - 00000250 _____ () C:\Windows\SysWOW64\RunAppSvc.log
2014-02-08 13:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-08 13:31 - 2014-02-08 13:31 - 01166132 _____ () C:\Users\***********\Desktop\AdwCleaner.exe
2014-02-08 13:02 - 2014-02-06 22:09 - 00001544 _____ () C:\Windows\PFRO.log
2014-02-08 12:53 - 2014-02-08 12:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-08 12:53 - 2014-02-05 20:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-08 12:35 - 2010-01-19 14:05 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-08 12:19 - 2010-01-19 14:20 - 00000000 ____D () C:\Users\***********
2014-02-08 12:12 - 2013-06-23 14:33 - 00000000 ____D () C:\Users\Versuch Admin
2014-02-08 12:12 - 2010-12-17 23:48 - 00000000 ____D () C:\Users\Gast
2014-02-08 12:11 - 2010-09-25 13:14 - 00000000 ____D () C:\Users\***********\AppData\Roaming\Malwarebytes
2014-02-08 12:11 - 2009-07-14
04:20 - 00000000 ____D () C:\Windows\registration 2014-02-08 12:02 - 2014-02-08 13:54 - 00001342 _____ () C:\Users\***********\Desktop\AdwCleaner[S3].txt 2014-02-06 21:24 - 2014-02-06 21:24 - 00000000 ____D () C:\Users\***********\Desktop\FRST-OlderVersion 2014-02-06 21:24 - 2014-02-06 20:05 - 02079744 _____ (Farbar) C:\Users\***********\Desktop\FRST64.exe 2014-02-06 21:09 - 2014-02-06 19:57 - 00000000 ____D () C:\Users\***********\AppData\Roaming\Nico Mak Computing 2014-02-06 21:09 - 2014-02-06 19:57 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector 2014-02-06 20:19 - 2014-02-06 20:19 - 00002052 _____ () C:\Windows\epplauncher.mif 2014-02-05 22:23 - 2014-02-05 22:23 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-05 21:05 - 2014-01-24 21:55 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-05 21:05 - 2012-03-31 11:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-05 21:05 - 2012-02-23 22:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-05 20:04 - 2011-11-12 13:54 - 00000000 ____D () C:\Users\***********\AppData\Roaming\MyPhoneExplorer 2014-02-03 21:06 - 2010-11-01 17:40 - 00000000 ____D () C:\Users\***********\AppData\Roaming\FileZilla 2014-02-03 21:05 - 2009-08-10 12:39 - 00000000 ____D () C:\Windows\Panther 2014-02-03 20:15 - 2014-02-02 12:00 - 00000000 ____D () C:\Users\***********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop 2014-02-03 19:33 - 2010-02-08 00:39 - 00016384 _____ () C:\Users\***********\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-02-02 20:33 - 2010-01-25 14:09 - 00000000 ____D () C:\Users\***********\Documents\MAGIX_Video_deluxe_16_Premium 2014-02-02 11:59 - 2012-08-30 06:57 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute 2014-02-01 16:56 - 2014-02-01 16:56 - 00000000 ____D () C:\Users\***********\Documents\MAGIX Speed 2014-02-01 15:35 - 2010-01-19 
14:20 - 00000000 ____D () C:\Users\***********\AppData\Local\Adobe 2014-02-01 11:40 - 2010-02-11 23:42 - 00000000 ____D () C:\Users\***********\dwhelper 2014-01-28 18:36 - 2014-01-28 18:36 - 00380416 _____ () C:\Users\***********\Desktop\gmer.exe 2014-01-24 21:08 - 2014-01-24 21:08 - 00000000 ____D () C:\ProgramData\Gigaset QuickSync 2014-01-24 21:07 - 2014-01-24 21:07 - 00000000 ____D () C:\Users\***********\AppData\Local\Gigaset_Communications_Gm 2014-01-24 21:06 - 2014-01-24 21:06 - 00000000 ____D () C:\Program Files (x86)\Gigaset QuickSync 2014-01-24 21:05 - 2011-11-07 22:27 - 00000000 ____D () C:\Users\***********\AppData\Local\Downloaded Installations 2014-01-24 20:50 - 2014-01-24 20:50 - 00000000 ____D () C:\Users\***********\AppData\Local\Shaw Computer 2014-01-23 20:50 - 2009-08-10 12:51 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2014-01-23 20:50 - 2009-08-10 12:51 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2014-01-23 20:50 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-01-21 18:09 - 2013-10-20 10:07 - 00000000 ____D () C:\ProgramData\Oracle 2014-01-21 18:02 - 2014-01-21 18:02 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-01-21 18:02 - 2014-01-21 18:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-21 18:02 - 2014-01-21 18:02 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-21 18:02 - 2014-01-21 18:02 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-21 17:58 - 2014-01-21 17:58 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-01-21 17:58 - 2014-01-21 17:58 - 00000000 ____D () C:\Program Files\Java 2014-01-21 17:50 - 2010-01-19 14:09 - 00000000 ____D () C:\ProgramData\Adobe 2014-01-21 17:50 - 2010-01-19 14:09 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-01-20 19:42 - 2009-07-14 05:45 - 00523504 _____ () C:\Windows\system32\FNTCACHE.DAT 
2014-01-18 14:47 - 2013-07-12 20:14 - 00000000 ____D () C:\Windows\system32\MRT 2014-01-18 14:43 - 2010-01-20 14:49 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-16 09:59 - 2010-01-22 14:40 - 00270496 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-01-09 21:38 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp Some content of TEMP: ==================== C:\Users\***********\AppData\Local\Temp\avgnt.exe C:\Users\***********\AppData\Local\Temp\Quarantine.exe C:\Users\***********\AppData\Local\Temp\SHSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-01 12:29 ==================== End Of Log ============================
Before I could start ESET, there were problems with Firefox; it crashed several times. I then uninstalled it completely and reinstalled it. I hope that was OK? Should I run ESET again? |
09.02.2014, 09:48 | #6 |
/// the machine /// TB-Ausbilder | PUP.Optional.Bandoo.A keeps coming back No, that's fine. You can ignore SecurityCheck, it is temperamental. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
U3 uxlyipog; \??\C:\Users\***********\AppData\Local\Temp\uxlyipog.sys [X]
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order here is crucial.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me a short reply once everything is done and you have no further questions, so that I can delete this thread from my subscriptions.
__________________ --> PUP.Optional.Bandoo.A keeps coming back |
10.02.2014, 19:58 | #7 |
| PUP.Optional.Bandoo.A keeps coming back Hello schrauber, here is the Fixlog.txt Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-02-2014 Ran by ******** at 2014-02-10 19:49:11 Run:1 Running from C:\Users\********\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** U3 uxlyipog; \??\C:\Users\********\AppData\Local\Temp\uxlyipog.sys [X] ***************** uxlyipog => Service not found. ==== End of Fixlog ====
Oh, and of course I replaced the ******* in the Fixlist with the user name. Yesterday I checked the whole system again with Avira and Malwarebytes and there were no more findings! I think the matter is settled, right? One more quick question ... If I create a system restore point now and, should a problem show up again, simply reset to it, does that work, or is that method not safe? Ciao |
11.02.2014, 17:33 | #8 |
/// the machine /// TB-Ausbilder | PUP.Optional.Bandoo.A keeps coming back That works right after the infection, but please clean up first with Delfix and so on, so that all the old restore points are gone
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
11.02.2014, 18:13 | #9 |
| PUP.Optional.Bandoo.A keeps coming back OK. Thanks for the info. The message above, "uxlyipog => Service not found.", is also OK, or do I currently still need to do anything? |
12.02.2014, 17:44 | #10 |
/// the machine /// TB-Ausbilder | PUP.Optional.Bandoo.A keeps coming back Nope, done
|
12.02.2014, 20:59 | #11 |
| PUP.Optional.Bandoo.A keeps coming back OK, great. THANKS AGAIN!! A donation is on its way too. |
13.02.2014, 21:42 | #12 |
/// the machine /// TB-Ausbilder | PUP.Optional.Bandoo.A keeps coming back You're welcome
|